On May 19, 2007, at 4:10 PM, John David Anderson (_psychic_) wrote:
> On May 19, 2007, at 12:13 PM, [EMAIL PROTECTED] wrote:
>
>> Hello all,
>> I am new to Cake and developing a website with Cake.
>> Can anyone tell me how we can prevent SQL injection and cross-site
>> scripting with CakePHP?
>>
>> What I am doing is, I have defined a function "prepareinput" in which,
>> with the help of functions such as addslashes() etc., I am preventing
>> the bad data from doing any harm.
>>
>> To show the data I have also defined the function "prepareoutput" in
>> which I am using the stripslashes() function.
>>
>> Now when I get the data from the database with $this->findAll() it
>> will return the array.
>>
>> Can we use the "prepareoutput" function to strip the slashes from the
>> array?
>
> Yes, check out the afterSave callback in your models.

Err, afterFind, that is. :)

-- John
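An added example, not part of the original messages and not CakePHP's own code: a stand-alone PHP sketch of applying an output function to every string in the nested array shape that findAll() returns, which is the work an afterFind callback would do. The `Post` model name, the `posts` table, the sample input, the helper names and the choice of a PDO bound parameter plus htmlspecialchars() are assumptions made for this illustration.

```php
<?php
// Added example: constructed data, hypothetical model name "Post".

// Recursively apply $fn to every string in a findAll()-shaped result array.
// In a CakePHP 1.x model this body would live in afterFind($results).
function prepareOutput(array $results, callable $fn): array
{
    array_walk_recursive($results, function (&$value) use ($fn) {
        if (is_string($value)) {
            $value = $fn($value);
        }
    });
    return $results;
}

// HTML-context encoder used as the output function (assumption: UTF-8 pages).
function h_out(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// In-memory SQLite stands in for the application database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');

// Constructed hostile input: a quote for the SQL layer, markup for the HTML layer.
$input = "O'Reilly <script>alert(1)</script>";

// Bound parameter: the value is never spliced into the SQL text, so it is
// stored unmodified and needs no addslashes()/stripslashes() round trip.
$stmt = $db->prepare('INSERT INTO posts (title) VALUES (:title)');
$stmt->execute([':title' => $input]);

// Shape the rows the way findAll() nests them: [n][Model][field].
$results = [];
foreach ($db->query('SELECT id, title FROM posts', PDO::FETCH_ASSOC) as $row) {
    $results[] = ['Post' => $row];
}

$safe = prepareOutput($results, 'h_out');
echo $safe[0]['Post']['title'], PHP_EOL;
```

Encoding inside the callback assumes every consumer of the model renders HTML; data headed for another context (JSON, CSV, a form field being re-saved) would need the raw value instead.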
