Dmitry, use updateAll() for your task.
For other custom queries using query() you need to sanitize data manually.

On Apr 13, 1:10 am, Dmitry Shevchenko <[email protected]> wrote:
> Hi everyone!
>
> As I read the documentation, Cake automatically cleans user input and we can
> use save() and find() with parameters without any worries.
>
> But what if we need to use something like this:
> $this->MyController->query("UPDATE photos SET profile_pic='1', status = 'public' WHERE id=".$id." AND profile_id=".$this->Session->read('Profile.id'));
>
> where $id is taken from $this->data...
>
> Do we need to call sanitize->clean() or mysql_real_escape_string() each
> time to clean the param, or does someone know the correct way to do this globally?
>
> Thanks
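
The two options from the reply, side by side, as an added example that is not part of the original thread. It assumes CakePHP 1.x conventions and a hypothetical Photo model on the photos table; the method names are made up for illustration.

```php
<?php
// Added example (not from the thread). Assumes a CakePHP 1.x app; the Photo
// model and both method names are hypothetical.
class Photo extends AppModel {
    var $name = 'Photo';

    // Ids should be plain digit strings; refuse everything else up front.
    function _isId($value) {
        return ctype_digit((string)$value);
    }

    // Option 1: updateAll(). The conditions array (second argument) is
    // escaped by the model layer. The fields array (first argument) is
    // inserted as SQL expressions, so string literals carry their own
    // quotes and must not be built from unescaped user input.
    function makeProfilePic($id, $profileId) {
        if (!$this->_isId($id) || !$this->_isId($profileId)) {
            return false;
        }
        return $this->updateAll(
            array('Photo.profile_pic' => "'1'", 'Photo.status' => "'public'"),
            array('Photo.id' => $id, 'Photo.profile_id' => $profileId)
        );
    }

    // Option 2: raw query(). Nothing is escaped for you, so every value
    // that is interpolated into the SQL string is forced to an integer.
    function makeProfilePicRaw($id, $profileId) {
        if (!$this->_isId($id) || !$this->_isId($profileId)) {
            return false;
        }
        $this->query(
            "UPDATE photos SET profile_pic='1', status='public'"
            . " WHERE id=" . intval($id)
            . " AND profile_id=" . intval($profileId)
        );
        return true;
    }
}
```

From the controller, pass the submitted id and `$this->Session->read('Profile.id')` to either method; keeping the profile_id condition ensures a user can only change rows that belong to their own profile.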
