On May 19, 2007, at 12:13 PM, [EMAIL PROTECTED] wrote:
>
> Hello all,
> I am new to Cake and developing a website with Cake.
> Can anyone tell me how we can prevent SQL injection and cross-site
> scripting with CakePHP?
>
> What I am doing is, I have defined a function "prepareinput" in which,
> with the help of functions such as addslashes() etc., I am preventing
> the bad data from doing any harm.
>
> To show the data I have also defined the function "prepareoutput", in
> which I am using the stripslashes() function.
>
> Now when I get the data from the database with $this->findAll() it
> will return the array.
>
> Can we use the "prepareoutput" function to strip the slashes from the
> array?

Yes, check out the afterSave callback in your models.

> ALSO, is there any inbuilt function of Cake with the help of which we
> can do this?

http://manual.cakephp.org/chapter/sanitize

-- John
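The two concerns in the question above, as an added example that is not part of the thread and is not CakePHP code: plain PHP with PDO and an in-memory SQLite database (both assumptions), with hypothetical function and table names. It stores input unchanged through bound parameters and HTML-encodes values, including nested arrays of rows, only at output.

```php
<?php
// Added example: plain PHP + PDO with in-memory SQLite (assumed setup, needs
// the pdo_sqlite extension). Function and table names are hypothetical.

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
    return $db;
}

// Input side: store the value exactly as submitted. The placeholders keep it
// out of the SQL text, so nothing is escaped with addslashes() here and
// nothing has to be undone with stripslashes() later.
function saveComment(PDO $db, string $author, string $body): void {
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

function findByAuthor(PDO $db, string $author): array {
    $stmt = $db->prepare('SELECT author, body FROM comments WHERE author = :author');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output side: encode for the HTML context at render time, recursing through
// nested arrays such as a list of result rows.
function encodeForHtml($value) {
    if (is_array($value)) {
        return array_map('encodeForHtml', $value);
    }
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: quotes that would break a concatenated query,
// and markup that a browser would interpret if echoed unencoded.
$db = openDb();
saveComment($db, "O'Brien", '<script>alert(1)</script> it\'s "quoted"');
saveComment($db, 'alice', 'hello');

// The whole string is compared as an author name; it cannot change the
// structure of the query.
var_dump(count(findByAuthor($db, "x' OR '1'='1")));

// Rows come back unmodified from storage and are encoded only for display.
$rows = encodeForHtml(findByAuthor($db, "O'Brien"));
echo $rows[0]['author'], ': ', $rows[0]['body'], "\n";
```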
