CakePHP already makes any user input safe in save functions (with the
exception of updateAll).

My general rule of thumb is not to filter user input on save, but on
display. This way you can see which users are trying malicious code
and take action accordingly.

On Nov 23, 1:12 am, robustsolution <[email protected]> wrote:
> you may sanitize sometimes, but you should always validate inputs
> (forms... urls http requests)

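The store-raw, escape-on-display approach described in the reply above, as an added example that is not part of the original thread. It is plain PHP rather than CakePHP code; the table, the function names and the sample comments are constructed for illustration.

```php
<?php
// Added example: plain PHP with an in-memory SQLite table, not CakePHP code.
// Table, column and function names and the sample rows are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, user TEXT, body TEXT)');

// Save: bound parameters keep the input from altering the SQL statement,
// and the body is stored exactly as submitted (no stripping, no escaping).
function saveComment(PDO $db, string $user, string $body): void
{
    $stmt = $db->prepare('INSERT INTO comments (user, body) VALUES (:user, :body)');
    $stmt->execute([':user' => $user, ':body' => $body]);
}

// Display: escape for the HTML context at the moment of output.
function renderComment(array $row): string
{
    $enc = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p><b>' . $enc($row['user']) . '</b>: ' . $enc($row['body']) . '</p>';
}

// Review: because the raw text was kept, markup in stored rows stays visible.
function looksLikeMarkup(string $body): bool
{
    $pattern = '/<\s*\/?\s*[a-z][^>]*>|\bon[a-z]+\s*=|javascript\s*:/i';
    return preg_match($pattern, $body) === 1;
}

saveComment($db, 'alice', 'Thanks, 2 < 3 was the bug.');
saveComment($db, 'mallory', '<script>alert(1)</script>');

$rows = $db->query('SELECT user, body FROM comments ORDER BY id', PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    echo renderComment($row), PHP_EOL;
    if (looksLikeMarkup($row['body'])) {
        echo "  review: {$row['user']} submitted markup", PHP_EOL;
    }
}
```

Both rows render as inert text; only the second is flagged for review, and the stored value is unchanged, so the original submission remains available as evidence.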