views: 33
answers: 1

What is the best and simplest way to prevent code injection and SQL/MySQL injection in CakePHP? Also, I would like to know how to prevent code injection in PHP.

+2  A: 

For CakePHP and SQL injection, the only thing you need to do is to use CakePHP's functions instead of writing queries on your own.

Regarding code injection in PHP, this is possible when user input is used to call other scripts, or in conjunction with the eval() function:

// Deliberately vulnerable: the request decides which file gets included
$input = $_REQUEST['page'];
include($input.'.php');

In general you can avoid these problems by assuming an evil user at the other side of the cable: always sanitize user input and never trust your users.

Have a look at the following links as well:

http://stackoverflow.com/questions/38875/best-way-to-avoid-code-injection-in-php

http://stackoverflow.com/questions/2168089/when-to-do-sanitization-in-cakephp

Anax
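The two patterns Anax describes, an include() driven by a request parameter and a query built by string concatenation, shown beside hardened versions, as an added example that is not part of the original answer. It uses plain PHP rather than CakePHP's query functions; the page allowlist, the users table and the attack strings are constructed for the example, and the SQL part assumes the pdo_sqlite extension is available for the in-memory database.

```php
<?php
// Added example, not code from the original answer.
// Assumes PHP with the pdo_sqlite extension for the in-memory fixture.
declare(strict_types=1);

// --- Code injection through include() ---

// Vulnerable: the request value becomes the path. "../../etc/passwd" walks
// out of the web root, and with allow_url_include enabled a remote URL would
// be fetched and executed.
function vulnerableIncludePath(string $page): string
{
    return $page . '.php'; // this is what include() would receive
}

// Hardened: the request value is only ever a key into a fixed allowlist
// (constructed for this example); it never becomes part of a path.
const PAGES = [
    'home'    => 'pages/home.php',
    'about'   => 'pages/about.php',
    'contact' => 'pages/contact.php',
];

function resolvePage(?string $page): string
{
    if ($page === null || !array_key_exists($page, PAGES)) {
        return PAGES['home']; // or send a 404; never fall back to the raw value
    }
    return PAGES[$page];
}

// --- SQL injection ---

// Vulnerable: the value is spliced into the SQL text, so a quote in the
// input ends the literal and the rest is parsed as SQL.
function vulnerableQuery(string $name): string
{
    return "SELECT id, name FROM users WHERE name = '" . $name . "'";
}

// Hardened: a prepared statement sends the SQL text and the value
// separately, so the value can only be compared as data.
function findUser(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory fixture so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

$traversal = '../../etc/passwd';
$payload   = "' OR '1'='1";

echo "vulnerable include path: " . vulnerableIncludePath($traversal) . "\n";
echo "allowlisted include path: " . resolvePage($traversal) . "\n";
echo "vulnerable SQL text: " . vulnerableQuery($payload) . "\n";
echo "rows from concatenated query: " . count($db->query(vulnerableQuery($payload))->fetchAll()) . "\n";
echo "rows from prepared query: " . count(findUser($db, $payload)) . "\n";
```

The concatenated query turns the payload into WHERE name = '' OR '1'='1', a condition that is true for every row, while the prepared statement looks for a user whose name is literally that string. The same separation of code from data is what CakePHP's own query functions give you when you pass conditions as values instead of assembling SQL strings, and it is the reason eval() on anything derived from user input has no safe form: there the input is the code.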