In dbo source drivers, there is a value() method, which... if you take a peek at the source, will say that it: "Prepares a value, or an array of values for database queries by quoting and escaping them."

On Feb 4, 6:01 pm, Mee <mee....@gmail.com> wrote:
> Hello,
>
> Just a little question, if I get a parameter in a method, like
>
> function index($id = null) {
>     $this->post->findById($id);
> }
>
> Do I have to sanitize $id? I just thought that CakePHP protects params
> from being used for SQL-injections of any kind, doesn't it?
>
> Thanks in advance,
> mee
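
The "quoting and escaping" of a value, or an array of values, mentioned in the reply above can be seen in isolation in the following added example, which is not part of the original thread and is not CakePHP's own code. It assumes PHP with the PDO SQLite driver; `quoteValue()`, the `posts` table and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Hypothetical stand-in for a driver-level "quote and escape" helper.
// It is NOT CakePHP's value() method; it only shows the same idea with PDO.
function quoteValue(PDO $db, $data)
{
    if (is_array($data)) {
        // An array of values is quoted element by element.
        return array_map(function ($v) use ($db) {
            return quoteValue($db, $v);
        }, $data);
    }
    if ($data === null) {
        return 'NULL';
    }
    if (is_int($data)) {
        return (string) $data;      // real integers need no quotes
    }
    return $db->quote((string) $data); // everything else becomes one string literal
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts (title) VALUES ('first'), ('second'), ('third')");

// Constructed request parameter, as index($id) could receive it from the URL.
$id = '1 OR 1=1';

// Raw concatenation: the parameter is parsed as SQL and rewrites the WHERE clause.
$raw = 'SELECT COUNT(*) FROM posts WHERE id = ' . $id;

// Quoted: the whole parameter is compared as a single literal value.
$quoted = 'SELECT COUNT(*) FROM posts WHERE id = ' . quoteValue($db, $id);

// Array form, e.g. for an IN (...) condition built from several parameters.
$ids = array(1, "2'); --", null);
$in = 'SELECT COUNT(*) FROM posts WHERE id IN (' . implode(', ', quoteValue($db, $ids)) . ')';

foreach (array('raw' => $raw, 'quoted' => $quoted, 'in' => $in) as $label => $sql) {
    $rows = $db->query($sql)->fetchColumn();
    echo str_pad($label, 7), $sql, '  => rows matched: ', $rows, PHP_EOL;
}
```

Comparing the printed SQL for the `raw` and `quoted` cases shows where the parameter stops being data and starts being query syntax.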