Re: Question about Data Sanitation in CAKEPHP

2008-10-31 Thread [EMAIL PROTECTED]

What if I want to sanitize my input from JavaScript code?


On 30 Oct, 18:57, Gwoo [EMAIL PROTECTED] wrote:
> The DBO layer handles proper escaping of your data to prevent SQL
> injection. You do not need to use Sanitize unless you are doing
> something out of the ordinary.
You received this message because you are subscribed to the Google Groups CakePHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en



Re: Question about Data Sanitation in CAKEPHP

2008-10-31 Thread Dardo Sordi Bogado

> What if I want to sanitize my input from JavaScript code?

No, you need to escape whenever you send dynamic content to the user
(though the form helper will escape the input values); use the
built-in h() function.

echo h($comment['Comment']['content']);

If you want to strip the tags or other bad content and prevent it from
being stored (it will be escaped by the DBO layer but will get
inserted in the DB anyway), you need to use Sanitize::clean() or
Sanitize::stripWhat(), where What is any of Tags, Images, Scripts,
Whitespace, All.

HTH,
- Dardo Sordi.


> On 30 Oct, 18:57, Gwoo [EMAIL PROTECTED] wrote:
>> The DBO layer handles proper escaping of your data to prevent SQL
>> injection. You do not need to use Sanitize unless you are doing
>> something out of the ordinary.

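The two layers Dardo describes (output escaping with h() and cleaning in beforeSave()), together with the find() mismatch from the original question, as a stand-alone PHP example added here; it is not code from the thread or from CakePHP. h_out() and clean_for_storage() are assumed stand-ins for h() and Sanitize::clean(), and a plain array stands in for the table behind the model's save() and find().

```php
<?php
// Added example, not from the thread or CakePHP. Assumed stand-ins:
// h_out() for CakePHP's h(), clean_for_storage() for what a beforeSave()
// callback would do with Sanitize::clean(), and a PHP array for the table
// behind the model's save()/find().

// Output-side escaping: entity-encode so stored markup renders as text.
function h_out(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Storage-side cleaning: strip tags and collapse whitespace before the row
// is written. Quotes are left alone on purpose: the DBO layer handles SQL
// escaping, so this cleaner is about content policy, not SQL injection.
function clean_for_storage(string $s): string {
    return trim(preg_replace('/\s+/', ' ', strip_tags($s)));
}

// beforeSave()-style hook: every row passes through the cleaner.
function save_comment(array &$table, string $content): void {
    $table[] = ['content' => clean_for_storage($content)];
}

// The original question: a find() whose condition value is the raw input
// will not match a cleaned row. Normalise the condition the same way.
function find_comment(array $table, string $raw): array {
    $needle = clean_for_storage($raw);
    $hits = [];
    foreach ($table as $row) {
        if ($row['content'] === $needle) {
            $hits[] = $row;
        }
    }
    return $hits;
}

// Constructed sample data.
$comments = [];
$raw = "  Hello <b>world</b>, it's O'Reilly  ";
save_comment($comments, $raw);

// Both the raw submission and its already-cleaned form locate the row.
printf("raw condition matches: %d\n", count(find_comment($comments, $raw)));
printf("clean condition matches: %d\n",
    count(find_comment($comments, "Hello world, it's O'Reilly")));

// Render: escape at output time, whatever the row contains.
foreach ($comments as $row) {
    echo h_out($row['content']), "\n";
}
```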




Re: Question about Data Sanitation in CAKEPHP

2008-10-31 Thread [EMAIL PROTECTED]

OK, many thanks.

On 31 Oct, 11:29, Dardo Sordi Bogado [EMAIL PROTECTED] wrote:
>> What if I want to sanitize my input from JavaScript code?
>
> No, you need to escape whenever you send dynamic content to the user
> (though the form helper will escape the input values); use the
> built-in h() function.
>
> echo h($comment['Comment']['content']);
>
> If you want to strip the tags or other bad content and prevent it from
> being stored (it will be escaped by the DBO layer but will get
> inserted in the DB anyway), you need to use Sanitize::clean() or
> Sanitize::stripWhat(), where What is any of Tags, Images, Scripts,
> Whitespace, All.
>
> HTH,
> - Dardo Sordi.
>
>> On 30 Oct, 18:57, Gwoo [EMAIL PROTECTED] wrote:
>>> The DBO layer handles proper escaping of your data to prevent SQL
>>> injection. You do not need to use Sanitize unless you are doing
>>> something out of the ordinary.



Question about Data Sanitation in CAKEPHP

2008-10-30 Thread [EMAIL PROTECTED]

Hi,
I would like to use a systematic method to clean data before inserting it in the DB.
I am thinking of using the Sanitize::clean function in beforeSave().
Now my question:
when I do a search in the DB (for example with find), if I don't apply
the Sanitize::clean function to the values inside the conditions I
don't get the right values. How can I do it?
Many thanks



Re: Question about Data Sanitation in CAKEPHP

2008-10-30 Thread [EMAIL PROTECTED]

Can someone help me?

On 30 Oct, 12:43, [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
> Hi,
> I would like to use a systematic method to clean data before inserting it in the DB.
> I am thinking of using the Sanitize::clean function in beforeSave().
> Now my question:
> when I do a search in the DB (for example with find), if I don't apply
> the Sanitize::clean function to the values inside the conditions I
> don't get the right values. How can I do it?
> Many thanks



Re: Question about Data Sanitation in CAKEPHP

2008-10-30 Thread Gwoo

The DBO layer handles proper escaping of your data to prevent SQL
injection. You do not need to use Sanitize unless you are doing
something out of the ordinary.