There is some sanitization that is done by the model when data is saved to a database; it is one of the reasons that conditions were moved from the right side to the left side in the way you can specify them. Now, is it perfect? Is it going to cover all cases? Probably not. That is why the Sanitize class is there and why this is a framework, not a solution.
That being said, Cake does a lot for you in making sure that you are putting database-safe stuff into the database, but there is a lot of crap that people can pull, so be careful.

Sam D
--
(the old fart) the advice is free, the lack of crankiness will cost you

- it's a fine line between a real question and an idiot

http://blog.samdevore.com/archives/2007/03/05/when-open-source-bugs-me/
http://blog.samdevore.com/cakephp-pages/my-cake-wont-bake/
http://blog.samdevore.com/cakephp-pages/i-cant-bake/

On Tue, Jun 24, 2008 at 10:05 AM, Perkster <[EMAIL PROTECTED]> wrote:
>
> Did you ever find the answer to this? I'm still looking...
>
> On Apr 28, 2:57 pm, "ryanwaggoner.com" <[EMAIL PROTECTED]> wrote:
>> If I'm handling a form submission in a controller, do I need
>> to sanitize $this->data or does Cake do that for me? I'm asking because
>> if I bake my controllers, Cake is pulling stuff from $this->data and
>> doing $this->Model->find() with it.
>>
>> So my questions are:
>> is user data in $this->data sanitized at all?
>> are find() parameters sanitized in any way?
>>
>> Links to the relevant sections of the code would be great. Thanks!
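
The point in the reply above about conditions moving to the left side, as an added example that is not part of the original thread and is not CakePHP's own code: a simplified condition builder in which the operator is read only from the developer-written array key and the user-supplied value is always bound as a parameter. The `buildWhere` function, the `users` table and the form input are constructed for illustration.

```php
<?php
// Added illustration; NOT CakePHP's implementation. buildWhere() and the
// users table are hypothetical names used only for this example.

/**
 * Build a WHERE clause from array('field [op]' => value) conditions.
 * The operator comes only from the key (written by the developer);
 * the value (supplied by the user) is never parsed, only bound.
 */
function buildWhere(array $conditions, array $allowedFields)
{
    $allowedOps = array('=', '!=', '<', '<=', '>', '>=', 'LIKE');
    $sql = array();
    $params = array();
    foreach ($conditions as $key => $value) {
        $parts = explode(' ', trim($key), 2);
        $field = $parts[0];
        $op = isset($parts[1]) ? strtoupper(trim($parts[1])) : '=';
        // Keys must be trusted: reject anything outside the allow-lists.
        if (!in_array($field, $allowedFields, true) || !in_array($op, $allowedOps, true)) {
            throw new InvalidArgumentException("Rejected condition key: $key");
        }
        // A form field can arrive as an array; never let it become a nested condition.
        if (!is_scalar($value)) {
            throw new InvalidArgumentException("Non-scalar value for: $key");
        }
        $sql[] = "$field $op ?";
        $params[] = $value;
    }
    return array(implode(' AND ', $sql), $params);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER, name TEXT, age INTEGER)");
$db->exec("INSERT INTO users VALUES (1, 'alice', 30), (2, 'bob', 17)");

// Constructed hostile form input, shaped like $this->data.
$data = array('User' => array('name' => "x' OR '1'='1", 'age' => '18'));

list($where, $params) = buildWhere(
    array('name' => $data['User']['name'], 'age >=' => $data['User']['age']),
    array('name', 'age')
);
$stmt = $db->prepare("SELECT id FROM users WHERE $where");
$stmt->execute($params);
echo $where, "\n";                    // the SQL text contains placeholders only
echo count($stmt->fetchAll()), "\n";  // number of rows matched by the bound values
```

The protection holds only while the condition keys are written by the developer; passing a user-controlled array in as the conditions array itself gives the user control of the keys.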
