Set debug to 1. With debug=2 you see the SQL log, and this addon sees there the
strings it sent.

On Dec 9, 5:38 pm, Binu <[email protected]> wrote:
> Hi,
>
> I have a project developed using cakephp 1.3 and for testing I used the
> SQL Inject Me addon (firefox):
> https://addons.mozilla.org/en-US/firefox/addon/7597/
>
> From the cakephp manual, what I understood is that the save() and find()
> methods will automatically protect the data from SQL injection. But
> while running the "SQL inject me" test, I am always getting failures as
> the result.
>
> For ex:
> Results: Server Status Code: 302
> Found Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
> Server Status Code: 302
> Found Tested value: '; DESC users; --
> Server Status Code: 302
> Found Tested value: 1'1
>
> I have tried with the cakephp sanitize methods; then also I am getting the
> errors in "sql inject me".
>
> Any help ?
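As an added illustration of the reply's point (example code written for this thread, not CakePHP's or the addon's own): a Python stand-in for a Cake 1.3 page at debug 0/1 versus debug 2, plus a triage check that tells an escaped test string echoed in the SQL log apart from one that became live SQL. The page markup, the addon's "echoed test string" heuristic, and escape_mysql are assumptions made for the example.

```python
import re

# Test strings quoted from the "SQL Inject Me" results in the thread.
PAYLOADS = [
    "1' AND 1=(SELECT COUNT(*) FROM tablenames); --",
    "'; DESC users; --",
    "1'1",
]

def escape_mysql(value):
    """Backslash-escape a value the way a MySQL driver does before binding it."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def render_page(payload, debug, escaped=True):
    """Constructed stand-in for a CakePHP 1.3 response (not Cake's real markup).
    debug >= 2 appends the SQL log Cake prints at the foot of the page;
    escaped=False mimics a query built by raw string concatenation."""
    value = escape_mysql(payload) if escaped else payload
    sql = "SELECT * FROM `users` WHERE `users`.`name` = '%s'" % value
    body = "<html><body><h1>Login</h1></body></html>"
    if debug >= 2:
        body += '<table class="cake-sql-log"><tr><td class="sql">%s</td></tr></table>' % sql
    return body

def reflected(body, payload):
    """Assumed addon heuristic (per the reply above): the page echoes the test
    string back, even when its quotes came back backslash-escaped."""
    return payload in body.replace("\\'", "'")

def stayed_in_literal(sql):
    """Walk a logged query: True if every ';' and '--' sits inside a single-quoted
    literal (honouring backslash escapes) and that literal is closed at the end,
    i.e. the test string was handled as data, not as SQL."""
    in_str, i = False, 0
    while i < len(sql):
        c = sql[i]
        if in_str and c == "\\":
            i += 2  # skip the escaped character
            continue
        if c == "'":
            in_str = not in_str
        elif not in_str and (c == ";" or sql.startswith("--", i)):
            return False
        i += 1
    return not in_str

def classify(body, payload):
    """'clean': nothing echoed; 'false_positive': echoed only inside SQL log
    entries where it stayed a string literal; 'suspect': echoed as live SQL."""
    if not reflected(body, payload):
        return "clean"
    queries = re.findall(r'<td class="sql">(.*?)</td>', body, re.S)
    if queries and all(stayed_in_literal(q) for q in queries):
        return "false_positive"
    return "suspect"
```

With debug at 0 or 1 the log is not rendered, so the heuristic has nothing to match; with debug 2 every bound value is echoed and classify() separates the logging artifact from a real break-out of the literal.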
