If you filter and validate the data before saving it to the database, then there's no need for sanitization... unless you allow them to use HTML.
On Nov 17, 3:00 pm, Marcelo Andrade <[email protected]> wrote:
> On Tue, Nov 17, 2009 at 7:07 PM, Dave <[email protected]> wrote:
> > I have asked a few questions about data sanitization and got different
> > responses.
> > Some people say just don't sanitize and use echo h(); others say always
> > sanitize.
> > Books say never trust what the user enters, so always clean data before
> > saving.
>
> I think you said it all. Never trust data from the user. I vote for always
> sanitize. You never know when you'll face a "Bobby Tables" user.
>
> http://xkcd.com/327/
>
> Best regards.
>
> --
> MARCELO DE F. ANDRADE
> Belem, PA, Amazonia, Brazil
> Linux User #221105
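To make the "validate on input, keep the query parameterized, escape on output" position concrete, here is an added example (written for this thread, not code from the original posts or from CakePHP itself). It is plain PHP using PDO with an in-memory SQLite database, so it runs stand-alone; the form fields, validation rules and the students table are assumptions made up for the demonstration, and the sample submissions are constructed. htmlspecialchars() is used directly because that is what CakePHP's h() wraps.

```php
<?php
// Added example, not from the thread or from CakePHP. Shows that data which
// is validated for *shape*, stored through a prepared statement, and escaped
// when rendered needs no "sanitizing" (no stripping or mangling) at save time.
declare(strict_types=1);

// 1. Validation: reject what does not fit the field's definition. The rules
//    below are hypothetical for a name/comment form: printable characters
//    only, with length limits. Note that quotes, semicolons and angle
//    brackets are allowed; they are data, not something to strip.
function validate(array $input): array
{
    $errors = [];
    if (!preg_match('/^[^\x00-\x1F\x7F]{1,64}$/u', $input['name'] ?? '')) {
        $errors['name'] = 'name must be 1-64 printable characters';
    }
    if (!preg_match('/^[^\x00-\x08\x0B\x0C\x0E-\x1F\x7F]{1,500}$/u', $input['comment'] ?? '')) {
        $errors['comment'] = 'comment must be 1-500 characters';
    }
    return $errors;
}

// 2. Storage: a prepared statement keeps the value out of the SQL grammar,
//    so a "Bobby Tables" name is stored verbatim instead of being executed.
function saveStudent(PDO $db, string $name, string $comment): void
{
    $stmt = $db->prepare('INSERT INTO students (name, comment) VALUES (:name, :comment)');
    $stmt->execute([':name' => $name, ':comment' => $comment]);
}

// 3. Output: escape for the context you render into (an HTML body here).
//    This is the job CakePHP's h() does, via htmlspecialchars().
function renderRow(array $row): string
{
    return '<tr><td>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')
         . '</td><td>' . htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8')
         . '</td></tr>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, comment TEXT)');

// Constructed sample submissions: an SQL-injection attempt, an XSS attempt,
// and a value that genuinely fails validation (a control character).
$submissions = [
    ['name' => "Robert'); DROP TABLE students;--", 'comment' => 'see xkcd 327'],
    ['name' => 'Mallory', 'comment' => '<script>alert(document.cookie)</script>'],
    ['name' => "Eve\x00", 'comment' => 'NUL byte in the name, rejected before storage'],
];

foreach ($submissions as $s) {
    $errors = validate($s);
    if ($errors !== []) {
        echo 'rejected: ' . implode('; ', $errors) . "\n";
        continue;
    }
    saveStudent($db, $s['name'], $s['comment']);
}

// The table still exists, the two valid rows were stored exactly as typed,
// and rendering them produces inert text, not script or markup.
echo 'rows stored: ' . $db->query('SELECT COUNT(*) FROM students')->fetchColumn() . "\n";
foreach ($db->query('SELECT name, comment FROM students') as $row) {
    echo renderRow($row) . "\n";
}
```

Run it with php on any build that has the pdo_sqlite extension. The one case this does not cover is the caveat in the reply above: if users are allowed to submit HTML, escaping on output would show their tags literally, so that field needs an allowlist-based HTML filter (such as HTML Purifier) at save or render time in addition to, not instead of, the parameterized query.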
