Hi everyone! As I read in the documentation, Cake automatically cleans user input and we can use save() and find() with parameters without any worries.
But what if we need to use something like this:

$this->MyController->query("UPDATE photos SET profile_pic='1', status = 'public' WHERE id=".$id." AND profile_id=".$this->Session->read('Profile.id'));

where $id is taken from $this->data... Do we need to call sanitize->clean() or mysql_real_escape_string() each time to clean the param, or does someone know the correct way to use this globally?

Thanks
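
Added example, not part of the original post and not CakePHP code: the UPDATE from the question written with a constant SQL string and bound parameters. It assumes plain PDO with an in-memory SQLite table standing in for `photos`; the function names, rows and input values are constructed for illustration.

```php
<?php
// Added example: plain PDO with an in-memory SQLite table standing in for
// the poster's `photos` table. All rows and values are constructed.

function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE photos (id INTEGER PRIMARY KEY, profile_id INTEGER,
               profile_pic TEXT DEFAULT '0', status TEXT DEFAULT 'private')");
    $db->exec("INSERT INTO photos (id, profile_id) VALUES (1, 10), (2, 10), (3, 20)");
    return $db;
}

// Hardened form of the UPDATE from the post: the SQL text is constant and
// both values are bound, so neither can alter the statement's structure.
function setProfilePic(PDO $db, $id, $profileId): int {
    // Reject anything that is not a plain positive integer before it reaches SQL.
    $opts = ['options' => ['min_range' => 1]];
    $id = filter_var($id, FILTER_VALIDATE_INT, $opts);
    $profileId = filter_var($profileId, FILTER_VALIDATE_INT, $opts);
    if ($id === false || $profileId === false) {
        throw new InvalidArgumentException('id and profile id must be positive integers');
    }
    $stmt = $db->prepare(
        "UPDATE photos SET profile_pic = '1', status = 'public'
         WHERE id = :id AND profile_id = :profile_id"
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':profile_id', $profileId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows the UPDATE matched
}

$db = makeDb();
// Photo 2 belongs to profile 10, photo 3 to profile 20 (constructed rows).
echo setProfilePic($db, '2', 10), " row(s) updated for own photo\n";
echo setProfilePic($db, '3', 10), " row(s) updated for someone else's photo\n";
try {
    setProfilePic($db, '2abc', 10); // constructed non-numeric request value
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

The `profile_id` condition from the original query is kept as a bound value, so the ownership check still applies to every update.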