Cake's DB layer (i.e. DboSource and its children) sanitizes everything before passing it to your database.
- Jamie

On Dec 11, 6:29 am, "Dave Maharaj" <m...@davemaharaj.com> wrote:
> When passing an id / slug thru a url for delete is there any security
> precautions to add?
>
> Example
>
> function delete($id) {
>     $this->Model->deleteAll(array(
>         'Model.id'    => $id,
>         'Model.owner' => $this->Auth->user('id')
>     ));
> }
>
> So I pretty much always use deleteAll so it's got multiple values of checking
> rightful owner / permission to delete, but I'm more curious about the passing
> of the actual $id, since anyone can pass anything they want as an $id if they
> want to get smart and mess with your site. So what should you do? Any added
> precautions? Sanitize:: the slug / id?
>
> Thanks,
>
> Dave
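The pattern Dave describes, written out as a complete controller action. This is an added example and not code from the thread or from CakePHP itself; the model name Post, the ownership column Post.user_id and the use of the Session component are assumptions. The point it shows is that the owner condition inside deleteAll() is what stops a user from deleting someone else's row, while the integer check on $id only rejects garbage early with a clear message (the DBO layer already quotes the value before it reaches the database).

```php
<?php
// Added example (not from the thread): a CakePHP 1.x controller action that
// deletes a record only if it belongs to the logged-in user. The model name
// 'Post', the foreign key 'Post.user_id' and the Session component are assumptions.
class PostsController extends AppController {

    var $name = 'Posts';
    var $components = array('Auth', 'Session');

    function delete($id = null) {
        // Reject anything that is not a positive integer before it reaches
        // the model. The DBO layer quotes values anyway, so this is about
        // failing early with a clear message, not about escaping.
        if (!ctype_digit((string) $id) || (int) $id < 1) {
            $this->Session->setFlash('Invalid post id.');
            $this->redirect(array('action' => 'index'));
            return;
        }

        // The ownership condition is the real protection: the delete is
        // scoped to rows owned by the current user, so an id that belongs
        // to someone else simply matches nothing.
        $conditions = array(
            'Post.id'      => (int) $id,
            'Post.user_id' => $this->Auth->user('id'),
        );

        // Check first whether anything matches, so the user gets an honest
        // message instead of a silent "deleted" for a row that was never theirs.
        $count = $this->Post->find('count', array('conditions' => $conditions));
        if ($count < 1) {
            $this->Session->setFlash('No such post, or it is not yours.');
        } elseif ($this->Post->deleteAll($conditions, false)) {
            $this->Session->setFlash('Post deleted.');
        } else {
            $this->Session->setFlash('Delete failed.');
        }
        $this->redirect(array('action' => 'index'));
    }
}
```

The second argument to deleteAll() is $cascade; it is set to false here because the example has no associated models to clean up. With associations, leave it at the default so dependent rows are removed together with the parent.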