Has it been validated in the Model, e.g. when this is called:

$whatever = $this->User->read( null, $id);

Is that enough so I can be sure that it's an int?

if( bccomp($id, intval($id), 3) != 0 ) die( __ ( "We couldn't find this Shop.",true) );

thx
Aurelius

On 16 Mar., 05:36, "Dr. Loboto" <[email protected]> wrote:
> No one checked your $id. It is insecure. Anyone can call your action
> as http://domain.com/controller/edit or http://domain.com/controller/edit/013
> or http://domain.com/controller/edit/kill%20your%20app
>
> On Mar 16, 1:04 am, Aurelius <[email protected]> wrote:
>
> > Hi!
>
> > When I have a function like
> > function edit($id = null) { ... }
> > is the $id already checked against hacking and can only be an integer
> > or is it unsecure?
>
> > thx
> > Aurelius
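
An added example, not part of the thread and not CakePHP's own code: one way to accept a URL-supplied $id only when it is a canonical positive decimal integer, before it is passed to $this->User->read(null, $id). The helper name parseRecordId() is hypothetical, the sample inputs are constructed (they include the path segments quoted above), and it assumes record ids are positive integers.

```php
<?php
// Added example. parseRecordId() is a hypothetical helper, not a CakePHP API.
// Assumption: valid record ids are positive integers written without sign,
// whitespace, leading zeros or decimals.

/**
 * Return the id as a positive int, or null when the raw value is anything
 * other than a canonical decimal integer that fits in a PHP int.
 */
function parseRecordId($raw)
{
    if (is_int($raw)) {
        return $raw > 0 ? $raw : null;
    }
    // Rejects null, arrays, "", "1.0", "-7", "7abc", "kill your app".
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    // Rejects "0" and "013": all digits, but not the canonical form of an id.
    if ($raw[0] === '0') {
        return null;
    }
    // Rejects digit strings too large for an int; a plain cast would not
    // preserve such a value.
    $max = (string) PHP_INT_MAX;
    if (strlen($raw) > strlen($max)
        || (strlen($raw) === strlen($max) && strcmp($raw, $max) > 0)) {
        return null;
    }
    return (int) $raw;
}

// Constructed sample inputs. intval('7abc') alone would yield 7, which is
// why the whole string is checked before casting.
$samples = array(null, '42', '013', 'kill your app', '1.0', '-7', '7abc',
                 '99999999999999999999999');
foreach ($samples as $raw) {
    $id = parseRecordId($raw);
    printf("%-28s => %s\n", var_export($raw, true),
           $id === null ? 'rejected' : 'id ' . $id);
}

// In a controller action the check would sit at the top of edit($id):
// a null result means "show the not-found page" rather than querying.
```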
