I do some custom database queries using some values derived from a call to
find. I think I should make these more secure using a security function,
but I am not sure which function to use. Should I use Sanitize or
mysql_real_escape_string, and what parameters should I pass? Here is the
relevant code:
$user = $this->User->Find('first', array('conditions' => array('User.id'
=> $id)));
$username = $user['User']['username'];
$email = $user['User']['email'];
...
$qry = $this->User->query('UPDATE outemails SET to_user_id=null,
recipient="'.$username.
'" WHERE to_user_id="'.$id.'";');
$qry = $this->User->query('INSERT INTO delemails (username, email,
blacklisted, created) VALUES ("'.
$username.'","'.$email.'",false,NOW());');
Thanks.
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups
"CakePHP" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
Visit this group at http://groups.google.com/group/cake-php?hl=en.
