Hello, I know there are a lot of posts already on this, but I could not find anything that really eliminates my confusion about the Sanitize class.

I have a typical content management system application developed in CakePHP 1.1, but never did anything in terms of data sanitation. I have read that CakePHP will escape your data before a query for you; is this true? If so, what is the use of Sanitize? Is the automatic escaping secure enough? I have also heard that in order for automatic data sanitation to be carried out, conditions need to be passed via array to the various model query functions. Is this true? I have been passing my conditions as a string, and I also use Model::query in some places.

I tried out Sanitize::cleanArray in various places, and am confused about exactly how to use this. For example, if I save some cleaned text content, and then later on do a text search on this content, how would it find things properly in the escaped content? I understand I would escape my text search as well, but it still doesn't seem like this would work.

Finally, if I do clean data, how would I reverse the process coming out of the database in a simple manner? I don't think there is a Sanitize::unclean in the API.

Any advice you can give would be greatly appreciated.

Thank You,
Michael
