Re: findAll and Sanitize
About some function in FindAll, this might be useful:
http://cakebaker.42dh.com/2007/05/22/how-to-use-sql-functions-in-conditions-part-ii/

On May 21, 6:17 pm, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> > How are you escaping it now?
>
> I am not, cake is doing it automatically.
>
> I have an array of input params that I use to build an array:
> $temp[] = "FIND_IN_SET('".(int)$v."',Respcount.responsibilities)";
>
> $v is the value that comes from the form. Then I join everything that
> is in temp with implode and call find all:
> $this->Docket->findAll(implode(' AND ',$temp));
>
> When I look at the query the comma in FIND_IN_SET('".(int)
> $v."',Respcount.responsibilities) is stripped so the query dies. I
> have not looked through the cake code yet, I just assumed it is an
> automatic safety measure to avoid sql injections. But in this case I
> need the comma.

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups "Cake PHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
-~--~~~~--~~--~--~---
Re: findAll and Sanitize
> How are you escaping it now?

I am not, cake is doing it automatically.

I have an array of input params that I use to build an array:
$temp[] = "FIND_IN_SET('".(int)$v."',Respcount.responsibilities)";

$v is the value that comes from the form. Then I join everything that is in temp with implode and call find all:
$this->Docket->findAll(implode(' AND ',$temp));

When I look at the query the comma in FIND_IN_SET('".(int)$v."',Respcount.responsibilities) is stripped so the query dies. I have not looked through the cake code yet, I just assumed it is an automatic safety measure to avoid sql injections. But in this case I need the comma.
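An added example, not part of the thread and not CakePHP code: one way to keep the FIND_IN_SET comma in the SQL text while the form values travel separately as bound parameters, so no escaping step ever touches the function syntax. The function name buildFindInSetConditions and the sample values are hypothetical; the column name is the one from the post, and the PDO usage in the last comment assumes an existing MySQL connection.

```php
<?php
/**
 * Build "FIND_IN_SET(?, col) AND ..." with one placeholder per form value.
 * Returns [sqlFragment, params]; the values never enter the SQL text.
 */
function buildFindInSetConditions(array $formValues, string $column): array
{
    // Identifiers cannot be bound as parameters, so accept only Model.field names.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*\.[A-Za-z_][A-Za-z0-9_]*$/', $column)) {
        throw new InvalidArgumentException('unexpected column name');
    }

    $clauses = [];
    $params  = [];
    foreach ($formValues as $v) {
        // Reject anything that is not a short run of digits instead of
        // silently casting input such as "12abc" to 12.
        if ((!is_string($v) && !is_int($v)) || !preg_match('/^\d{1,9}$/', (string) $v)) {
            throw new InvalidArgumentException('non-integer id in form input');
        }
        $clauses[] = "FIND_IN_SET(?, $column)"; // the comma is fixed SQL text
        $params[]  = (string) (int) $v;         // normalised, bound at execute time
    }

    // No filters submitted: return a condition that matches every row.
    if ($clauses === []) {
        return ['1 = 1', []];
    }
    return [implode(' AND ', $clauses), $params];
}

// Constructed sample input standing in for the submitted form values.
[$where, $params] = buildFindInSetConditions(['3', '017'], 'Respcount.responsibilities');
echo $where, "\n";
echo json_encode($params), "\n";

// With a PDO connection in $pdo (assumed), the fragment is used as:
//   $stmt = $pdo->prepare("SELECT ... WHERE $where");
//   $stmt->execute($params);
```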
Re: findAll and Sanitize
On May 21, 2007, at 9:34 AM, [EMAIL PROTECTED] wrote:
>
> I am trying to use the MySQL function FIND_IN_SET (it takes 2
> parameters, a string and a comma separated list) to do a lookup on some
> data using findAll and I am running into an issue of a comma being
> stripped out I assume by sql escaping. Is there some way to avoid the
> escaping?

How are you escaping it now?

-- John
findAll and Sanitize
I am trying to use the MySQL function FIND_IN_SET (it takes 2 parameters, a string and a comma separated list) to do a lookup on some data using findAll and I am running into an issue of a comma being stripped out I assume by sql escaping. Is there some way to avoid the escaping?