When data is saved to the DB, Cake properly escapes it, so there is no problem with SQL injection and no need to sanitize beforehand.
When data is displayed, using the h() function will "secure" it enough. With such an approach you face problems only when you allow users to post HTML (for example, with a WYSIWYG editor). In this case neither h() nor Sanitize can save you, as neither of them can be used in such a case.

On Nov 18, 4:07 am, "Dave" <[email protected]> wrote:
> I have asked a few questions about data sanitization and got different
> responses.
> Some people say just don't sanitize and use echo h(); others say always
> sanitize.
> Books say never trust what the user enters, so always clean data before
> saving.
>
> I know every app has different requirements, but as a general rule what do
> you do?
>
> Just looking for feedback as to different methods for each baker.
>
> Thanks
>
> Dave
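The three situations the reply separates, as an added example that is not part of the post or of CakePHP itself. It is plain PHP 8 using PDO with an in-memory SQLite database (standing in for what the framework's DB layer does when it saves) and DOMDocument, so it runs without the framework. The allowlist policy (which tags, attributes and URL schemes survive), the `storePost`/`escapeForHtml`/`filterHtml` names and the sample input are all assumptions made for the example.

```php
<?php
// Added example (not from the CakePHP list post or the framework).
//   1. Saving: a bound parameter is quoted by the driver, as Cake's DB layer does.
//   2. Displaying plain text: escape at output time, as Cake's h() does.
//   3. Displaying user-supplied HTML (WYSIWYG): escaping would destroy the
//      markup, so filter the parsed DOM against an allowlist instead.
declare(strict_types=1);

// Case 1: the value is stored byte-for-byte; nothing is "cleaned" before the save.
function storePost(PDO $db, string $body): string
{
    $db->exec('CREATE TABLE IF NOT EXISTS posts (id INTEGER PRIMARY KEY, body TEXT)');
    $stmt = $db->prepare('INSERT INTO posts (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
    return (string) $db->query('SELECT body FROM posts ORDER BY id DESC LIMIT 1')->fetchColumn();
}

// Case 2: the equivalent of CakePHP's h(): htmlspecialchars with both quote styles encoded.
function escapeForHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Case 3: allowlist filter. The policy is an assumption for this example:
// a few formatting tags, href on <a> only, and only http/https/mailto links.
const ALLOWED_TAGS    = ['p', 'br', 'b', 'i', 'em', 'strong', 'a', 'ul', 'ol', 'li'];
const ALLOWED_ATTRS   = ['a' => ['href']];
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];

function filterHtml(string $html): string
{
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // editor markup is rarely well-formed
    // Wrap the fragment so it has one known root; the PI pins the input encoding.
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $root = $doc->getElementsByTagName('div')->item(0);   // the wrapper is first in document order
    cleanNode($root);

    $out = '';
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function cleanNode(DOMNode $node): void
{
    // Snapshot the children: removing from a live NodeList while iterating skips nodes.
    foreach (iterator_to_array($node->childNodes, false) as $child) {
        if ($child instanceof DOMElement) {
            $tag = strtolower($child->tagName);
            if (in_array($tag, ALLOWED_TAGS, true)) {
                cleanAttributes($child, $tag);
                cleanNode($child);
            } elseif ($tag === 'script' || $tag === 'style') {
                $node->removeChild($child);          // the content is code: drop it all
            } else {
                cleanNode($child);                   // unknown tag: keep its text, lose the tag
                while ($child->firstChild !== null) {
                    $node->insertBefore($child->firstChild, $child);
                }
                $node->removeChild($child);
            }
        } elseif (!($child instanceof DOMText)) {
            $node->removeChild($child);              // comments and processing instructions
        }
    }
}

function cleanAttributes(DOMElement $el, string $tag): void
{
    $allowed = ALLOWED_ATTRS[$tag] ?? [];
    $names   = [];
    foreach ($el->attributes as $attr) {             // same live-list caveat as above
        $names[] = $attr->name;
    }
    foreach ($names as $name) {
        if (!in_array(strtolower($name), $allowed, true)) {
            $el->removeAttribute($name);             // onclick, onerror, style, ...
        }
    }
    if ($el->hasAttribute('href') && !safeUrl($el->getAttribute('href'))) {
        $el->removeAttribute('href');                // javascript:, data:, vbscript: ...
    }
}

function safeUrl(string $url): bool
{
    // Browsers ignore ASCII whitespace and control characters inside a scheme
    // ("java\tscript:"), so strip them before inspecting it.
    $probe = preg_replace('/[\x00-\x20]+/', '', $url);
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m)) {
        return true;                                 // relative URL: no scheme to abuse
    }
    return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
}

// Constructed sample input, as a WYSIWYG field might submit it.
$userHtml = '<p onclick="steal()">Hello <b>world</b> <a href="javascript:alert(1)">x</a>'
          . '<img src=x onerror=alert(1)><script>alert(1)</script></p>';

$db = new PDO('sqlite::memory:');
echo escapeForHtml(storePost($db, "Robert'); DROP TABLE posts;--")), "\n";  // plain-text field
echo filterHtml($userHtml), "\n";                                           // rich-text field
```

The first `echo` shows why pre-sanitizing before the save is unnecessary: the SQL metacharacters reach the table intact and are neutralised at the one place they matter, the HTML output. The second shows why h() does not fit a rich-text field: it would render the user's `<b>` and `<a>` as literal text, whereas the filter keeps the markup and removes only the event handlers, the `javascript:` link, the `<img>` and the `<script>`. The hand-written filter is there to make the mechanism visible; for production code an actively maintained allowlist library such as HTML Purifier covers far more of HTML's corner cases (CSS in `style`, nested quoting, entity tricks) than a page-sized example can.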
