Exactly, this is quite a bad example! Use find() and you will have at least a secure query...
On 8 Aug., 04:19, "Ma'moon" <[email protected]> wrote:
> The only thing that I can see that is worth the concern is using
> $this->params['form']['username'] and also $this->User->query(). It's been
> clearly stated in the cookbook that using "query" instead of "find" will
> make you go with your own to prepare the SQL statement that you wish to
> execute. I would recommend using $this->data instead of $this->params and
> also using $this->User->find instead of $this->User->query to stay on the
> safe side.
>
> On Sat, Aug 6, 2011 at 5:09 PM, Neil !!! <[email protected]> wrote:
> > I found a way to work it out correctly but am a bit worried about security.
> > Help me guys....
> > Here is a link on which I found an article to check username
> > availability...
> >
> > http://www.instatutorial.com/check-username-availability-using-jquery...
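
The difference the replies describe, as an added example that is not part of the thread or of the linked tutorial: a CakePHP 1.3-style controller with a concatenated query() call beside the find() version. The controller, the action names, the `users` table, the `username` field and the length and character rules are assumptions.

```php
<?php
// Added example, CakePHP 1.3-style (the thread is from 2011).
// Controller, action, table and field names are assumptions for illustration.
class UsersController extends AppController {
    var $name = 'Users';

    // Pattern the replies warn about: a raw request value concatenated into query().
    function check_username_unsafe() {
        $this->autoRender = false;
        $username = $this->params['form']['username'];
        // The value becomes part of the SQL text, so all escaping is left to the developer.
        $rows = $this->User->query(
            "SELECT COUNT(*) AS total FROM users WHERE username = '" . $username . "'"
        );
        echo json_encode(array('available' => $rows[0][0]['total'] == 0));
    }

    // Form the replies recommend: $this->data plus find() with a conditions array.
    function check_username() {
        $this->autoRender = false;
        $username = isset($this->data['User']['username'])
            ? $this->data['User']['username']
            : null;

        // Reject anything that is not a plain string. An array posted as
        // data[User][username][] would otherwise turn the condition into an IN (...) list.
        if (!is_string($username)) {
            echo json_encode(array('error' => 'invalid username'));
            return;
        }
        // Assumed username rule: 3 to 30 letters, digits or underscores.
        if (!preg_match('/^[A-Za-z0-9_]{3,30}$/', $username)) {
            echo json_encode(array('error' => 'invalid username'));
            return;
        }

        // The value is handed to the ORM as data; the model layer quotes it when
        // it builds the WHERE clause, so it never reaches the SQL text verbatim.
        $count = $this->User->find('count', array(
            'conditions' => array('User.username' => $username),
            'recursive'  => -1,
        ));
        echo json_encode(array('available' => $count == 0));
    }
}
```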
