On Feb 1, 10:50 am, José Pablo Orozco Marín <[EMAIL PROTECTED]>
wrote:
> > Cake automatically escapes data in db queries - you are already
> > protected against sql injection. xss etc is a different matter, and is
> > an example of where sanitize fits in.
>
> Just a few questions:
>
> 1. If I create a search form that is searching for user input, in the
> controller do I need to sanitize the data before using findAll?
>
> 2. Do I have to use the following code before save, delete or
> find? http://bin.cakephp.org/saved/20459

No, Cake automatically handles/escapes. But make sure your
"conditions" params are in array format; otherwise sanitize doesn't
apply (AFA*I*K).

--
  <?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com    Blog: http://rajeshanbiah.blogspot.com/
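
An added example, not part of the original message and not CakePHP's own code: a simplified model of the array-versus-string distinction drawn in the reply above. The helper names `buildWhere()` and `search()`, the `users` table and the sample input are assumptions made for illustration, and PDO bound parameters stand in for the framework's escaping.

```php
<?php
// Simplified model, NOT CakePHP code. buildWhere() is a hypothetical helper.
// Array conditions hand each value to the data layer separately, so it can
// bind them; a string condition is already SQL and passes through untouched.
function buildWhere($conditions)
{
    if (is_string($conditions)) {
        // Nothing left to escape: the caller already mixed input into SQL.
        return array($conditions, array());
    }
    $clauses = array();
    $params  = array();
    foreach ($conditions as $column => $value) {
        // Column names must come from code, never from the request.
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $column)) {
            throw new InvalidArgumentException("Bad column name: $column");
        }
        $clauses[] = "$column = ?";
        $params[]  = $value;
    }
    return array(implode(' AND ', $clauses), $params);
}

function search(PDO $db, $conditions)
{
    list($where, $params) = buildWhere($conditions);
    $stmt = $db->prepare("SELECT name FROM users WHERE $where");
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (name TEXT)");
$db->exec("INSERT INTO users VALUES ('alice'), ('bob')");

// Constructed search-form input containing SQL metacharacters.
$input = "alice' OR '1'='1";

// Array format: the input is bound as a value and is only compared as text.
var_dump(search($db, array('name' => $input)));

// String format: the input is parsed as SQL and changes the WHERE clause.
var_dump(search($db, "name = '$input'"));
```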