> Data is escaped properly when it is inserted into the db which
> prevents sql injection. You then escape output so to remove unexpected/
> malicious output.
Is there any chance of malicious PHP code inserted as input that would
get executed during the massaging of data to get it into $this->data
array?
> 1. function beforeFilter() {
> 2. if(isset($this->params['form']['json'])) {
> 3. $this->data = json_decode($this->params['form']
> ['json']);
> 4. }
> 5. }
>
> Ok turns out to be five lines. $this->params['form']['json']
> represents the packaged posted json data from GWT.
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
