Ah, thank you very much. I'm used to having to explicitly say I need something escaped before it's done, and it confused me that it was done automatically :|
On May 14, 3:07 am, "Dr. Loboto" <[email protected]> wrote:
> When you pass variables to a model function normally (as in your
> example) Cake properly escapes values. When Cake puts POST data into
> the controller's $this->data it respects magic_quotes settings and always
> puts clean values there. You should not want anything else.
>
> BTW, 'adsf\'\'\'' is the proper way to pass the asdf''' value into an SQL
> query. When you first sanitize asdf''' and then pass it to find() you
> receive the wrong query because of double escaping.
>
> On May 14, 11:29 am, Misplacedme <[email protected]> wrote:
>
> > I'm a cake noob, so if this is obvious, I apologize.
> >
> > I have a form, and when it's submitted, I grab a username out of the
> > database using this line.
> > $this->User->find('all', array( 'conditions' => array('User.username'
> > => $this->data['User']['username']), 'fields' => array
> > ('User.password') ) );
> >
> > As a test, I put asdf''' in the username field.
> >
> > I have debug turned to 2 if I remember right, and it outputs the
> > following query.
> > SELECT `User`.`password`, `User`.`id` FROM `users` AS `User` WHERE
> > `User`.`username` = 'adsf\'\'\''
> >
> > I checked, and I have magic quotes off. If print_r $this->data or
> > $_POST, username is still asdf''';
> >
> > I tried the sanitize::escape function, and got this line.
> > SELECT `User`.`password`, `User`.`id` FROM `users` AS `User` WHERE
> > `User`.`username` = 'adsf\\\'\\\'\\\''
> >
> > So, what I need to know is if cake is automatically cleaning my
> > variables when I use it in a find, how to fix it.
> > Or, if I have some setting that I don't know about set that I need to
> > fix.
> > Or, if the debug menu escapes everything but leaves the query alone.
> >
> > Thanks!
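Added example, not part of the original thread and not CakePHP's own code: the double escaping discussed above, worked through for the test value asdf'''. sqlQuote() and sqlUnquote() are hypothetical helpers; addslashes() stands in for the database driver's escaping, and the decoder assumes MySQL's default backslash-escape handling.

```php
<?php
// Added illustration, not CakePHP code. sqlQuote() and sqlUnquote() are
// hypothetical stand-ins for the data layer's quoting and for how MySQL reads
// a string literal (default sql_mode, backslash escapes enabled).

// Quote a value once, the way the data layer does when it builds the WHERE clause.
function sqlQuote(string $value): string
{
    return "'" . addslashes($value) . "'";
}

// Decode a quoted literal back to the value the server actually compares against.
function sqlUnquote(string $literal): string
{
    $special = ['0' => "\0", 'n' => "\n", 'r' => "\r", 't' => "\t",
                'b' => "\x08", 'Z' => "\x1a"];
    $body = substr($literal, 1, -1); // strip the surrounding quotes
    $out = '';
    for ($i = 0, $n = strlen($body); $i < $n; $i++) {
        $c = $body[$i];
        if ($c === '\\' && $i + 1 < $n) {
            $c = $body[++$i];
            if ($c === '%' || $c === '_') {
                $c = '\\' . $c;          // \% and \_ keep their backslash
            } else {
                $c = $special[$c] ?? $c; // \' -> ', \\ -> \, \n -> newline ...
            }
        }
        $out .= $c;
    }
    return $out;
}

$input = "asdf'''"; // constructed sample: the test value from the thread

$literals = [
    'once'  => sqlQuote($input),              // escaped by the data layer only
    'twice' => sqlQuote(addslashes($input)),  // escaped by the app, then again by the data layer
];

foreach ($literals as $label => $literal) {
    $seen = sqlUnquote($literal);
    printf("%-5s literal: %-24s server compares: %-12s %s\n", $label, $literal, $seen,
        $seen === $input ? 'same as input' : 'DIFFERENT from input');
}
```

The single-escaped literal decodes back to the submitted username, while the double-escaped one decodes to a value with literal backslashes in it, so the lookup compares against a string the user never entered.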
