Re: Decode GWT post into $_POST

2007-06-27 Thread gwoo
You don't need to sanitize. I can see the beforeFilter being about 4 lines of code max. Seems pretty painless to me

Re: Decode GWT post into $_POST

2007-06-27 Thread [EMAIL PROTECTED]
> You don't need to sanitize. I can see the beforeFilter being about 4 lines of code max. Seems pretty painless to me

1) Why don't I need to sanitize? I don't trust this data as it is coming from a form.
2) Would you mind posting these 4 lines of code or pseudo code?

Re: Decode GWT post into $_POST

2007-06-27 Thread gwoo
Data is escaped properly when it is inserted into the db, which prevents SQL injection. You then escape output so as to remove unexpected/malicious output.

    function beforeFilter() {
        if (isset($this->params['form']['json'])) {
            $this->data = json_decode($this->params['form']

Re: Decode GWT post into $_POST

2007-06-27 Thread [EMAIL PROTECTED]
> Data is escaped properly when it is inserted into the db, which prevents SQL injection. You then escape output so as to remove unexpected/malicious output.

Is there any chance of malicious PHP code inserted as input that would get executed during the massaging of data to get it into $this->data

Re: Decode GWT post into $_POST

2007-06-27 Thread nate
No. http://us.php.net/json_decode

On Jun 27, 2:54 pm, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> Data is escaped properly when it is inserted into the db, which prevents SQL injection. You then escape output so as to remove unexpected/malicious output.
> Is there any chance of malicious PHP
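
The flow discussed in this thread (decode the posted JSON, bind the values at the database layer, escape on output), as an added example that is not code from any poster or from CakePHP. It assumes plain PHP 7+ with the pdo_sqlite extension standing in for the model layer; the payload, the field names and the `decodeFormJson` helper are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Payload and field names are constructed.

// Constructed request body, as a client might post it in a "json" form field.
$posted = '{"Post":{"title":"<script>alert(1)</script>","body":"<?php echo 1; ?> O\'Reilly"}}';

/**
 * Decode the posted JSON into an array shaped like $this->data.
 * json_decode() only parses: string values are never evaluated as PHP.
 */
function decodeFormJson(string $json): array
{
    $data = json_decode($json, true);
    if (!is_array($data)) {
        // Malformed JSON or a bare scalar: reject instead of passing null along.
        throw new InvalidArgumentException('json field is not a JSON object');
    }
    return $data;
}

$data = decodeFormJson($posted);
$post = $data['Post'] ?? [];

// Shape check: JSON can carry nested arrays where a string is expected.
foreach (['title', 'body'] as $field) {
    if (!isset($post[$field]) || !is_string($post[$field])) {
        throw new InvalidArgumentException("missing or non-string field: $field");
    }
}

// Stand-in for the model layer: bound parameters keep values out of the SQL text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (title TEXT, body TEXT)');
$stmt = $db->prepare('INSERT INTO posts (title, body) VALUES (?, ?)');
$stmt->execute([$post['title'], $post['body']]);

// The stored value is byte-for-byte the input; it was treated as data throughout.
$row = $db->query('SELECT title, body FROM posts')->fetch(PDO::FETCH_ASSOC);
var_dump($row['body'] === $post['body']);

// Escape at output time, for the context being written into (HTML here).
echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), "\n";
```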