How do I block sql injections from a page like this one...http://u.neighborrow.com/items/recent
CakePHP already protects you against SQL Injection if you use CakePHP's ORM methods (such as find() and save()) and proper array notation (i.e. array('field' => $value)) instead of raw SQL. For sanitization against XSS it's generally better to save raw HTML in the database without modification and sanitize at the time of output/display.
This should give you a good idea of how to do it.
App::import('Sanitize');
class MyController extends AppController {
    // ... your actions; Sanitize is now loaded and can be called statically here
}
Once you've done that, you can make calls to Sanitize statically.
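As an added example (not code from either answer above, and not from the site in the question), here is a CakePHP 1.3 controller that puts the unsafe raw-SQL pattern next to the ORM pattern the first answer recommends, plus the "store raw, escape on output" approach with h() and Sanitize::html() in the view. The Item model, the items table and its name/body/created columns, and the action names are assumptions for the sake of illustration:

```php
<?php
// File: app/controllers/items_controller.php (assumed layout for CakePHP 1.3)
// Added example; the Item model, `items` table and column names are assumptions.
App::import('Sanitize');

class ItemsController extends AppController {
    public $uses = array('Item');

    // UNSAFE ("before" case): the request parameter is concatenated into the SQL
    // text, so whatever the user sends becomes part of the query syntax itself.
    public function search_unsafe() {
        $q = $this->params['url']['q'];
        $items = $this->Item->query("SELECT * FROM items WHERE name = '$q'");
        $this->set('items', $items);
    }

    // SAFE: array-notation conditions are passed to the ORM, which quotes and
    // escapes each value through the datasource. The input can match a row,
    // but it can never change the structure of the query.
    public function search() {
        $q = isset($this->params['url']['q']) ? $this->params['url']['q'] : '';
        $items = $this->Item->find('all', array(
            'conditions' => array('Item.name' => $q),
            'order'      => array('Item.created' => 'desc'),
            'limit'      => 20,
        ));
        $this->set('items', $items);
    }

    // Store submitted data as-is through save(); it is parameterised the same
    // way as find(). Escaping for HTML is deferred to the view (see below).
    public function add() {
        if (!empty($this->data)) {
            $this->Item->create();
            if ($this->Item->save($this->data)) {
                $this->redirect(array('action' => 'search'));
            }
        }
    }
}

/*
 File: app/views/items/search.ctp (assumed). Output-time escaping for XSS:
 h() is CakePHP's htmlspecialchars() wrapper; Sanitize::html() is the static
 call the second answer refers to and encodes HTML entities in the same way.

 <?php foreach ($items as $item): ?>
   <h3><?php echo h($item['Item']['name']); ?></h3>
   <p><?php echo Sanitize::html($item['Item']['body']); ?></p>
 <?php endforeach; ?>
*/
```

Two things worth checking when you adopt this pattern: grep your controllers and models for query() and for string interpolation inside 'conditions' values (a condition written as a single string such as "Item.name = '$q'" is raw SQL again, even inside the conditions array), and make sure every place a stored field reaches the page goes through h() or an equivalent encoder rather than being echoed directly.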