Looking back over my last reply I think I might have sounded a bit rude, sorry about that
I did the search as you said and found one instance of the function, but was not able to make sense of it. I did do some googling and found this page though: http://grahambird.co.uk/cake/ quote from page: What will Cake do for me? Some of the things Cake does so you don’t have to: * [...] * automatically escapes data saved to the database (to prevent SQL injection attacks) That's all I needed to know. Thanks for the help anyways On Jun 6, 8:50 pm, "b logica" <[EMAIL PROTECTED]> wrote: > Huh? Is it too difficult to open the file and search for the word 'escape'? > > I agree that Cake's inner workings are bloody mysterious, but if > you're using PHP--period--"you should very well know" how to search a > file for a method. > > On Fri, Jun 6, 2008 at 10:31 PM, Turnquist, Jonah <[EMAIL PROTECTED]> wrote: > > > If you are using cakephp and publish websites to the internet, you > > should very well know if it is secure. My question is do I have to do > > something to the data before saving it to the database manually to > > keep it mysql injection safe or does cake take care of that? > > > For instance do I need to use mysql_real_escape_string() with cake? > > > I will look at the code too but as I can barely code with cake at > > this point I doubt I will be able to understand it's inner workings > > very well at this point either. > > > Thanks guys, > > Jonah > > > On Jun 6, 5:18 pm, "b logica" <[EMAIL PROTECTED]> wrote: > >> All of the various database frontends are in > >> cake/libs/model/datasources/dbo/ > > >> On Fri, Jun 6, 2008 at 4:18 PM, Turnquist, Jonah <[EMAIL PROTECTED]> wrote: > > >> > Thank you! That was exactally what I was looking for. That should > >> > work nicely. > > >> > Still looking for the answer to this question though: > > >> > Also, does cakephp take care of mysql injection checking automagically > >> > or do I have to call mysql_real_escape_string for everything > >> > manually? Or is there something else? > > >> > Thanks, > >> > Jonah > > >> > On Jun 6, 7:02 am, Daniel Hofstetter <[EMAIL PROTECTED]> wrote: > >> >> Hi Jonah, > > >> >> > Problem: > >> >> > What if data is sent through that should NOT be stored in table? How > >> >> > do I stop that? For example, say I had a column named > >> >> > "do_not_store_data_here" in the table. For some reason I do not want > >> >> > any data stored there. I can't think of any particular cases where I > >> >> > would want to do that at the moment but just go with me. > > >> >> > I am asking how can I stop people from injecting data into there? I > >> >> > mean, they could easily inject it by sending post data with the key > >> >> > data[Script][do_not_store_data_here]. > > >> >> Have a look at the third parameter of Model::save(), it allows you to > >> >> specify the fields which can be written. > > >> >> Hope that helps! > > >> >> -- > >> >> Daniel Hofstetterhttp://cakebaker.42dh.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~----------~----~----~----~------~----~------~--~---
