I don't know about cleaning the query data, but you really should be using cake methods.
Is there any special reason you don't?

2012/10/22 Daniel <[email protected]>:
> I do some custom database queries using some values derived from a call to
> find. I think I should make these more secure using a security function,
> but I am not sure which function to use. Should I use Sanitize or
> mysql_real_escape_string, and what parameters should I pass? Here is the
> relevant code:
>
> $user = $this->User->Find('first', array('conditions' => array('User.id' => $id)));
> $username = $user['User']['username'];
> $email = $user['User']['email'];
> ...
> $qry = $this->User->query('UPDATE outemails SET to_user_id=null, recipient="'.$username.
> '" WHERE to_user_id="'.$id.'";');
> $qry = $this->User->query('INSERT INTO delemails (username, email, blacklisted, created) VALUES ("'.
> $username.'","'.$email.'",false,NOW());');
>
> Thanks.

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
Visit this group at http://groups.google.com/group/cake-php?hl=en.
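The two quoted statements rewritten with bound parameters instead of string concatenation, as an added example that is not part of the original thread and is not CakePHP code. It assumes plain PDO with an in-memory SQLite database standing in for the application's MySQL database (so `CURRENT_TIMESTAMP` replaces `NOW()`); the table and column names follow the quoted queries, and the helper name `archiveUser` and the sample rows are constructed.

```php
<?php
// Added example: plain PDO with in-memory SQLite stands in for the app's MySQL
// database. Table and column names follow the quoted queries; rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE outemails (id INTEGER PRIMARY KEY, to_user_id INTEGER, recipient TEXT)');
$db->exec('CREATE TABLE delemails (username TEXT, email TEXT, blacklisted INTEGER, created TEXT)');
$db->exec('INSERT INTO outemails (to_user_id, recipient) VALUES (7, NULL), (8, NULL)');

// Values as they would come back from find(): stored data is still untrusted
// input for the next query. This constructed username contains double quotes.
$id = 7;
$username = 'dan "the" man';
$email = 'dan@example.com';

// Hypothetical helper: runs both statements with bound values.
function archiveUser(PDO $db, $id, $username, $email)
{
    // Both statements succeed or neither does.
    $db->beginTransaction();
    try {
        $update = $db->prepare(
            'UPDATE outemails SET to_user_id = NULL, recipient = :recipient WHERE to_user_id = :id'
        );
        $update->bindValue(':recipient', $username, PDO::PARAM_STR);
        $update->bindValue(':id', (int) $id, PDO::PARAM_INT);
        $update->execute();

        $insert = $db->prepare(
            'INSERT INTO delemails (username, email, blacklisted, created)
             VALUES (:username, :email, 0, CURRENT_TIMESTAMP)'
        );
        $insert->execute(array(':username' => $username, ':email' => $email));
        $db->commit();
        return $update->rowCount();
    } catch (Exception $e) {
        $db->rollBack();
        throw $e;
    }
}

$changed = archiveUser($db, $id, $username, $email);
$row = $db->query('SELECT recipient FROM outemails WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
printf("rows updated: %d, recipient stored as: %s\n", $changed, $row['recipient']);
```

Because the values travel separately from the SQL text, the quotes in the username are stored as data and no escaping function is needed.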
