Re: findAll and Sanitize

2007-05-22 Thread francky06l

About some function in FindAll, this might be useful

http://cakebaker.42dh.com/2007/05/22/how-to-use-sql-functions-in-conditions-part-ii/



On May 21, 6:17 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
wrote:
> > How are you escaping it now?
>
> I am not, cake is doing it automatically.
>
> I have an array of input params that I use to build an array:
> $temp[] = "FIND_IN_SET('".(int)$v."',Respcount.responsibilities)";
>
> $v is the value that comes from the form. Then I join everything that
> is in temp with implode and call find all:
> $this->Docket->findAll(implode(' AND ',$temp));
>
> When I look at the query the comma in FIND_IN_SET('".(int)
> $v."',Respcount.responsibilities) is stripped so the query dies. I
> have not looked through the cake code yet, I just assumed it is an
> automatic safety measure to avoid sql injections. But in this case I
> need the comma.


--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake 
PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---



Re: findAll and Sanitize

2007-05-21 Thread [EMAIL PROTECTED]

> How are you escaping it now?

I am not, cake is doing it automatically.

I have an array of input params that I use to build an array:
$temp[] = "FIND_IN_SET('".(int)$v."',Respcount.responsibilities)";

$v is the value that comes from the form. Then I join everything that
is in temp with implode and call find all:
$this->Docket->findAll(implode(' AND ',$temp));

When I look at the query the comma in FIND_IN_SET('".(int)
$v."',Respcount.responsibilities) is stripped so the query dies. I
have not looked through the cake code yet, I just assumed it is an
automatic safety measure to avoid sql injections. But in this case I
need the comma.



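An added example, not part of the original thread and not CakePHP's own code: one way to build the same `FIND_IN_SET` conditions with bound placeholders, so the form value never enters the SQL string and non-integer input is rejected instead of being cast. The function name `buildResponsibilityFilter`, the sample inputs and the commented `$pdo` usage are assumptions; only `Respcount.responsibilities` comes from the thread.

```php
<?php
// Added example: builds the WHERE fragment and its bound values separately.
// buildResponsibilityFilter() is a hypothetical helper, not a CakePHP API.

/**
 * Returns [whereClause, params] for a list of responsibility ids taken from a form.
 * Each id becomes one "FIND_IN_SET(?, Respcount.responsibilities)" fragment.
 */
function buildResponsibilityFilter(array $formValues): array
{
    $fragments = [];
    $params = [];
    foreach ($formValues as $v) {
        // Validate instead of casting: a cast silently turns "abc" into 0 and
        // keeps only the leading digits of "3 OR 1=1".
        $id = filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($id === false) {
            throw new InvalidArgumentException('responsibility id must be a non-negative integer');
        }
        // The comma lives in the fixed SQL text; the value travels as a parameter.
        $fragments[] = 'FIND_IN_SET(?, Respcount.responsibilities)';
        $params[] = (string) $id; // FIND_IN_SET takes a string as its first argument
    }
    if ($fragments === []) {
        throw new InvalidArgumentException('no filter values given');
    }
    return [implode(' AND ', $fragments), $params];
}

// Constructed sample input standing in for the submitted form values.
[$where, $params] = buildResponsibilityFilter(['3', '17']);
echo $where, "\n";
echo json_encode($params), "\n";

// Constructed hostile input: rejected outright rather than reduced to an integer.
try {
    buildResponsibilityFilter(['3 OR 1=1']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// With a PDO connection to MySQL (assumed, named $pdo here), the pair is used as:
//   $stmt = $pdo->prepare('SELECT ... WHERE ' . $where);
//   $stmt->execute($params);
```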


Re: findAll and Sanitize

2007-05-21 Thread John David Anderson (_psychic_)


On May 21, 2007, at 9:34 AM, [EMAIL PROTECTED] wrote:

>
> I am trying to use the MySQL function FIND_IN_SET (it takes 2
> parameters, a string and a comma separated list) to do a lookup on some
> data using findAll and I am running into an issue of a comma being
> stripped out I assume by sql escaping. Is there some way to avoid the
> escaping?

How are you escaping it now?

-- John




findAll and Sanitize

2007-05-21 Thread [EMAIL PROTECTED]

I am trying to use the MySQL function FIND_IN_SET (it takes 2
parameters, a string and a comma separated list) to do a lookup on some
data using findAll and I am running into an issue of a comma being
stripped out I assume by sql escaping. Is there some way to avoid the
escaping?

