The best way to secure your update and insert queries? Use the proper model 
interface, i.e. save(), saveAll(), etc.

On Monday, October 22, 2012 6:22:54 AM UTC-7, Daniel wrote:
>
> I do some custom database queries using some values derived from a call to 
> find.  I think I should make these more secure using a security function, 
> but I am not sure which function to use.  Should I use Sanitize or 
> mysql_real_escape_string, and what parameters should I pass?  Here is the 
> relevant code:
>  
>   $user = $this->User->Find('first', array('conditions' => array('User.id' => $id)));
>   $username = $user['User']['username'];
>   $email = $user['User']['email'];
> ...
>   $qry = $this->User->query('UPDATE outemails SET to_user_id=null, recipient="'.$username.'" WHERE to_user_id="'.$id.'";');
>   $qry = $this->User->query('INSERT INTO delemails (username, email, blacklisted, created) VALUES ("'.$username.'","'.$email.'",false,NOW());');
> Thanks.
>

--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
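One way to apply the reply's advice to the two queries in the question, as an added example that is neither code from this thread nor from CakePHP itself. It assumes CakePHP 2.x and two hypothetical models, OutEmail and DelEmail, mapped to the outemails and delemails tables; updateAll() stands in for save() on the UPDATE because save() only targets one record by primary key.

```php
<?php
// Added example (not from the original thread). Assumes CakePHP 2.x and
// hypothetical OutEmail / DelEmail models (public $useTable = 'outemails'
// and 'delemails') loaded via $uses. Model and action names are assumptions.

class EmailsController extends AppController {
    public $uses = array('User', 'OutEmail', 'DelEmail');

    public function blacklist($id = null) {
        // find() builds the WHERE clause from the conditions array and
        // escapes $id itself, so no manual Sanitize/escape call is needed.
        $user = $this->User->find('first', array(
            'conditions' => array('User.id' => $id),
        ));
        if (!$user) {
            throw new NotFoundException(__('Invalid user'));
        }
        $username = $user['User']['username'];
        $email = $user['User']['email'];

        // UPDATE outemails SET to_user_id = NULL, recipient = <username>
        //   WHERE to_user_id = <id>
        // Caveat: updateAll() treats the $fields values as raw SQL
        // expressions, so a literal string must be quoted through
        // DboSource::value(); the conditions array, by contrast, is escaped.
        $db = $this->OutEmail->getDataSource();
        $this->OutEmail->updateAll(
            array(
                'OutEmail.to_user_id' => 'NULL',
                'OutEmail.recipient'  => $db->value($username, 'string'),
            ),
            array('OutEmail.to_user_id' => $id)
        );

        // INSERT INTO delemails (username, email, blacklisted, created) ...
        // create() + save() passes every field through the datasource, so
        // username and email are quoted; 'created' is filled automatically
        // when the column exists.
        $this->DelEmail->create();
        $saved = $this->DelEmail->save(array(
            'DelEmail' => array(
                'username'    => $username,
                'email'       => $email,
                'blacklisted' => false,
            ),
        ));
        if (!$saved) {
            $this->Session->setFlash(__('The blacklist entry could not be saved.'));
        }
    }
}
```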