Re: Decode GWT post into $_POST
You don't need to sanitize. I can see the beforeFilter being about 4 lines of code max. Seems pretty painless to me.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups Cake PHP group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: Decode GWT post into $_POST
> You don't need to sanitize. I can see the beforeFilter being about 4 lines of code max. Seems pretty painless to me.

1) Why don't I need to sanitize? I don't trust this data as it is coming from a form.
2) Would you mind posting these 4 lines of code or pseudo code?
Re: Decode GWT post into $_POST
Data is escaped properly when it is inserted into the db, which prevents SQL injection. You then escape output so as to remove unexpected/malicious output.

    function beforeFilter() {
        if (isset($this->params['form']['json'])) {
            $this->data = json_decode($this->params['form']['json']);
        }
    }

OK, turns out to be five lines. $this->params['form']['json'] represents the packaged posted JSON data from GWT.
Re: Decode GWT post into $_POST
> Data is escaped properly when it is inserted into the db, which prevents SQL injection. You then escape output so as to remove unexpected/malicious output.

Is there any chance of malicious PHP code inserted as input that would get executed during the massaging of data to get it into the $this->data array?

>     function beforeFilter() {
>         if (isset($this->params['form']['json'])) {
>             $this->data = json_decode($this->params['form']['json']);
>         }
>     }
>
> OK, turns out to be five lines. $this->params['form']['json'] represents the packaged posted JSON data from GWT.
Re: Decode GWT post into $_POST
No. http://us.php.net/json_decode

On Jun 27, 2:54 pm, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> > Data is escaped properly when it is inserted into the db, which prevents SQL injection. You then escape output so as to remove unexpected/malicious output.
>
> Is there any chance of malicious PHP code inserted as input that would get executed during the massaging of data to get it into the $this->data array?
>
> >     function beforeFilter() {
> >         if (isset($this->params['form']['json'])) {
> >             $this->data = json_decode($this->params['form']['json']);
> >         }
> >     }
> >
> > OK, turns out to be five lines. $this->params['form']['json'] represents the packaged posted JSON data from GWT.
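
Added example, not part of the thread and not CakePHP code: json_decode() only parses its input, so checking the shape of the decoded data is a separate step from the SQL and output escaping discussed above. The function decode_gwt_json(), the schema, the size and depth limits, and the sample payloads are all hypothetical.

```php
<?php
// Added example; decode_gwt_json() and the field names are hypothetical.

/**
 * Decode an untrusted JSON string into an array, keeping only the fields
 * listed in $schema (field name => expected type as reported by gettype()).
 * Returns null if the payload is malformed or a field has the wrong type.
 */
function decode_gwt_json($raw, array $schema, $maxBytes = 65536)
{
    if (!is_string($raw) || strlen($raw) > $maxBytes) {
        return null;                  // reject non-string or oversized input
    }
    // assoc=true yields arrays rather than stdClass objects; depth 4 bounds nesting.
    $decoded = json_decode($raw, true, 4);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($decoded)) {
        return null;                  // invalid JSON, nested too deep, or a bare scalar
    }
    $clean = array();
    foreach ($schema as $field => $type) {
        if (!array_key_exists($field, $decoded)) {
            continue;                 // field is optional in this sketch
        }
        if (gettype($decoded[$field]) !== $type) {
            return null;              // e.g. an array where a string is expected
        }
        $clean[$field] = $decoded[$field];
    }
    return $clean;                    // keys not named in the schema are dropped
}

// Constructed sample payloads.
$schema    = array('title' => 'string', 'rating' => 'integer');
$extraKey  = '{"title":"<?php phpinfo(); ?>","rating":5,"is_admin":true}';
$wrongType = '{"title":["nested"],"rating":5}';
$truncated = '{"title":';

// The PHP-looking title is decoded as ordinary string data; is_admin is not in the schema.
var_dump(decode_gwt_json($extraKey, $schema));
// A list is supplied where the schema expects a string.
var_dump(decode_gwt_json($wrongType, $schema));
// The JSON text is cut off mid-object.
var_dump(decode_gwt_json($truncated, $schema));
```

The returned array still needs the same escaping on insert and on output that the thread describes; the check above only constrains which keys and types reach that point.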