How do I block sql injections in CAKEphp

How do I block sql injections from a page like this one...http://u.neighborrow.com/items/recent

CakePHP already protects you against SQL Injection if you use CakePHP's ORM methods (such as find() and save()) and proper array notation (ie. array('field' => $value)) instead of raw SQL. For sanitization against XSS its generally better to save raw HTML in database without modification and sanitize at the time of output/display.

This should give you a good idea of how to do it.

App::import('Sanitize'); 
class MyController extends AppController {     ...     ... }

Once you've done that, you can make calls to Sanitize statically.

Related questions

Confused about null strings and DBNull

Subtracting a week from UNIX_TIMESTAMP

Remove duplicate rows on a SQL query [duplicate]

Select all dates between first day of month and current date

How do I perform a LIKE query on a PostgreSQL primary id column?

how to get rowNum like column in sqlite IPHONE

Select date from timestamp SQL

Refresh the form every second

What's the SQL query to list all rows that have 2 column sub-rows as duplicates?

Can I store SQL Server sort order in a variable?

Basic SQL Injections?

In Oracle: how can I tell if an SQL query will cause changes without executing it?

Select Records multiple times from table

Stop Hibernate from updating existing records

How do I get a list of the reports available on any given reporting server?

How to escape single quotes in Oracle? [duplicate]

How can I sort an SQL result but keep some results as special?

Convincing an IT Manager to allow SQL Server instead of Access

What is faster: SqlCommand.Parameters[string] or .Parameters[int]?

How to combine IN operator with LIKE condition (or best way to get comparable results)

How do I block sql injections in CAKEphp

Tags:

sql

sql-injection

cakephp

adam

1 Answers

Keng

Recent Activity

Donate For Us