Does CakePHP check inputs to see if they are valid and not injections? If not, how would I go about implementing functions to check inputs? Most of Cake's processes are done behind the scenes, so I'm unsure of where I would do that.
+1
A:
You can use the sanitize class in the controller to prevent against sql injections, specifically the escape method.
Check here for more details:
http://book.cakephp.org/view/153/Data-Sanitization
To give a quick example for posted input:
if (!empty($this->data)) {
    App::import('Sanitize');
    // escape() only backslash-escapes the string for the named connection; it does not add quotes
    $this->data['Model']['dirtyInput'] = Sanitize::escape($this->data['Model']['dirtyInput'], 'default');
}
Also, check out the clean method for a way to clean both HTML and sql injections from your whole $this->data array
JoeyP
2010-04-24 23:15:11
+4
A:
CakePHP's ORM functionality automatically cleans up any input to prevent SQL injection.
Veeti
2010-04-24 23:16:02
…unless noted otherwise, see for example `updateAll()` http://book.cakephp.org/view/75/Saving-Your-Data
deceze
2010-04-25 02:48:48
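The two points made in this thread, that the ORM escapes values for ordinary saves and finds while `updateAll()` takes its `$fields` values as raw SQL, are shown together in the following CakePHP 1.3-style controller. This is an added example, not code from the question, from either answer, or from the CakePHP project; the `Post` model, its `title` and `body` columns, and the `edit` action are assumptions, as is the use of `DboSource::value()` to quote and escape a string for `updateAll()`.

```php
<?php
// Added example (not from the question or the answers). Assumes CakePHP 1.3,
// a Post model with `title` and `body` columns, and the default connection.
App::import('Sanitize');

class PostsController extends AppController {
    var $name = 'Posts';

    function edit($id = null) {
        if (empty($this->data)) {
            $this->data = $this->Post->read(null, $id);
            return;
        }

        // 1. Posted data going through save(): the ORM escapes every value
        //    itself, so no manual SQL escaping is needed. Sanitize::clean()
        //    is applied only to strip HTML/script from user text (XSS), and
        //    its default 'escape' => true also backslash-escapes for SQL,
        //    which is harmless here but not what protects save().
        $clean = Sanitize::clean($this->data, array(
            'remove_html' => true,
            'encode'      => true,
        ));
        $this->Post->id = $id;
        if (!$this->Post->save($clean)) {
            $this->Session->setFlash('Could not save the post.');
            return;
        }

        // 2. updateAll(): the $fields array values are inserted into the
        //    SQL as-is (see the caveat in the thread), so a user-supplied
        //    string must be both escaped AND quoted by hand. The datasource's
        //    value() does exactly that; the equivalent with the Sanitize
        //    class would be "'" . Sanitize::escape($title, 'default') . "'".
        //    The $conditions array, by contrast, IS escaped by the ORM.
        $db = $this->Post->getDataSource();
        $this->Post->updateAll(
            array('Post.title' => $db->value($this->data['Post']['title'])),
            array('Post.id' => $id)
        );

        // For comparison: this would be the injectable form. A title such
        // as  x', body = 'owned  (constructed input) would change the SQL.
        // $this->Post->updateAll(
        //     array('Post.title' => "'" . $this->data['Post']['title'] . "'"),
        //     array('Post.id' => $id)
        // );

        $this->redirect(array('action' => 'view', $id));
    }
}
```

The practical rule that falls out of this: let `save()`, `find()` and the `$conditions` arrays do their own escaping, and treat only the places the book marks as raw SQL (the `$fields` of `updateAll()`, hand-written `query()` strings) as needing `Sanitize::escape()` or `$db->value()` plus quoting.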