On Mon, 31 Jul 2006 02:34:29 -0700
"AD7six" <[EMAIL PROTECTED]> wrote:
> Why use sanitize at all? Data sent to the DB gets escaped anyway, so
> it's not exactly necessary. I thought the intention of the sanitize
> class was for example, so you could still escape your custom sql
> queries easily.
I think I tried it because I couldn't see data being escaped on the DB
- perhaps there is a config setting I have overlooked?
I decided to test it further. Without calling sanitize from a
beforeSave() function within app_model I entered a javascript string
into an input field, just a simple script tag.
> I then put code to clean the $this->data array in the app_model to try
> to setup automatic cleaning of all saved data. What I found was that
> because cleanArray() cleans everything without mercy, including html
> encoding on everything, it encoded the hyphens in the datetime format
> (not the
Hi ianh,
Why use sanitize at all? Data sent to the DB gets escaped anyway, so
it's not exactly necessary. I thought the intention of the sanitize
class was for example, so you could still escape your custom sql
queries easily.
If you still want to use sanitize (that means your data is getting
c
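To illustrate the problem ianh describes (blanket HTML-encoding on save mangling a datetime) against the alternative AD7six points to (escaping at the DB boundary, encoding at output), here is an added example that is not part of the thread or of CakePHP: `cleanEverything()` is a hypothetical stand-in for a cleanArray()-style filter, and the PDO/SQLite storage is assumed purely to show where each kind of escaping belongs.

```php
<?php
// Added illustration (not from the thread or CakePHP): why HTML-encoding
// every saved field corrupts data, and where escaping belongs instead.

// Hypothetical stand-in for a cleanArray()-style filter that entity-encodes
// every value, hyphens included (not CakePHP's actual implementation).
function cleanEverything(array $data): array {
    foreach ($data as $k => $v) {
        $v = htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
        $data[$k] = str_replace('-', '&#45;', $v);   // the behaviour the post observed
    }
    return $data;
}

// Constructed sample form submission: one hostile field, one datetime field.
$submitted = [
    'title'   => '<script>alert(1)</script>',
    'created' => '2006-07-31 02:34:29',
];

$blanket = cleanEverything($submitted);
// $blanket['created'] is now '2006&#45;07&#45;31 02:34:29'. A DATETIME column
// will not parse that, so the timestamp is lost or zeroed on save.

// Better split of responsibilities:
// 1. SQL safety comes from parameter binding at the DB boundary, so the
//    stored value stays exactly what the user typed.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE posts (title TEXT, created TEXT)');
$stmt = $pdo->prepare('INSERT INTO posts (title, created) VALUES (:t, :c)');
$stmt->execute([':t' => $submitted['title'], ':c' => $submitted['created']]);

// 2. HTML safety comes from encoding at render time, in the output context.
$row = $pdo->query('SELECT title, created FROM posts')->fetch(PDO::FETCH_ASSOC);
echo '<h1>'   . htmlspecialchars($row['title'],   ENT_QUOTES, 'UTF-8') . "</h1>\n";
echo '<time>' . htmlspecialchars($row['created'], ENT_QUOTES, 'UTF-8') . "</time>\n";
// The datetime reaches the DB intact, and the script tag is rendered inert.
```

The point is that sanitizing for one context (HTML) at save time destroys data needed in another (the DB's date parser); escape for SQL when you query and encode for HTML when you render.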