The Sanitize methods are for operating on text only and won't do your
binary data any good at all. Binary data should be safe to insert into
your database because it won't be interpreted as instructions (which
are text only).

I won't discount it completely, as I've seen some pretty amazingly
clever hacks. But unless the data could somehow be interpreted as
text, you should be fine. I think this question would be better posed
on a list dedicated to whichever database you're using if you want to
be sure.

On Wed, Mar 26, 2008 at 10:15 PM, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>
>  I am creating a system that stores files in a database. I would like to
>  know if there is no problem in not sanitizing binary data. I exclude
>  some types of extensions like .exe, .zip and others in the upload
>  process. Can someone make a SQL injection or some kind of attack by
>  uploading binary data that is not sanitized?
>
>  I am using CakePHP and I have used the Sanitize::escape function to
>  sanitize my data, but it transforms binary data and it is unreadable
>  when I try to download it again.
>  How can I solve this problem?
>
>  Thanks in advance
>
>
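
One way to handle both points raised in this thread, as an added example that is not code from either poster or from CakePHP: bind the file bytes as a statement parameter, so they never become part of the SQL text and no text escaper touches them. It uses plain PDO with an in-memory SQLite database; the `files` table, its columns, the `storeFile`/`loadFile` helpers and the sample bytes are all assumptions made for the illustration.

```php
<?php
// Added example: store an uploaded file as a bound BLOB parameter.
// Table and column names are hypothetical; SQLite in-memory keeps it offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, name TEXT, sha256 TEXT, data BLOB)');

// Constructed sample: bytes a text escaper would alter (NUL, quotes, backslash, high bytes).
$bytes = "\x89PNG\x00'\"\\;--\r\n\xff\xfe";

function storeFile(PDO $pdo, string $name, string $bytes): int
{
    // Placeholders keep the bytes out of the SQL text, so nothing in the
    // payload can change the statement and no escaping is applied to it.
    $stmt = $pdo->prepare('INSERT INTO files (name, sha256, data) VALUES (:name, :sha, :data)');
    $stmt->bindValue(':name', basename($name), PDO::PARAM_STR);
    $stmt->bindValue(':sha', hash('sha256', $bytes), PDO::PARAM_STR);
    $stmt->bindValue(':data', $bytes, PDO::PARAM_LOB);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

function loadFile(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT sha256, data FROM files WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        throw new RuntimeException("no file with id $id");
    }
    // Some drivers return LOB columns as streams rather than strings.
    $data = is_resource($row['data']) ? stream_get_contents($row['data']) : $row['data'];
    if (!hash_equals($row['sha256'], hash('sha256', $data))) {
        throw new RuntimeException('stored bytes do not match recorded digest');
    }
    return $data;
}

$id = storeFile($pdo, 'upload.png', $bytes);
// Compare the bytes read back against the original upload.
var_dump(loadFile($pdo, $id) === $bytes);
```

The file name is text and is bound the same way as the bytes; the recorded digest lets the download path detect any transformation of the stored data.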
