Yes - it is for this reason that I call the function in
beforeValidate, because an isUnique query using unchanged data which
then gets changed is not ideal. My approach with usernames and
passwords is to say by the field what characters are not allowed and
then confirm what got saved to the DB in
Quite a conundrum... If the function is called beforeSave() then the
input is not sanitized before being used for validation. Could be an
issue when using isUnique() as the database is queried at validation
time using unsanitized input data. Could this be a candidate for SQL
injection?
Interesting point. Perhaps it would be better if the function gets
called beforeSave() instead?
On Apr 30, 12:47 pm, gmwebs <[EMAIL PROTECTED]> wrote:
> How would I echo the sanitized input in my form rather than the
> unsanitized input? If a user were to input non-alphanumeric characters
> in a
How would I echo the sanitized input in my form rather than the
unsanitized input? If a user were to input non-alphanumeric characters
in a username on a registration page for instance, the input is
sanitized before validation which means the form validates and the
data is saved, but the user will
No worries - let me know how the function works out for you and any
improvements you think might be warranted. Ian
On Apr 30, 11:01 am, gmwebs <[EMAIL PROTECTED]> wrote:
> Thanks Ian...
>
> I had the return true in the beforeValidate() but I was trying
> something in beforeSave() and had neglecte
Thanks Ian...
I had the return true in the beforeValidate() but I was trying
something in beforeSave() and had neglected to put the return true in
there. It works fine now.
Regards,
Graham
Hi Graham - thanks for giving the function a whirl. If you can still
see the data after sanitization then the most obvious thing to ask is
are you calling it correctly? It must look like this:
function beforeValidate()
{
    $this->__sanitize($this->data);
    return true;
}
It is vital that the bef
Hi Ian,
I had a go using your __sanitize() function and while the actual
sanitization is working, I don't seem to be able to save my model. If
I view the input before calling __sanitize() in beforeValidate() and
then after, it proves that the inputs are sanitized just as expected.
Unfortunately t
http://pastebin.co.uk/13204
Usage:
Place method in your app_model and call with the beforeValidate
callback also placed in your app_model
function beforeValidate()
{
    $this->__sanitize($this->data);
    return true;
}
In every model of your app include the var $allowedChars = array()
Hey Ian,
That code looks pretty nice, could you post the newer version you
mentioned?
Cheers;
Poncho
On Apr 15, 2:41 pm, "ianh" <[EMAIL PROTECTED]> wrote:
> There is
> this:http://groups.google.co.uk/group/cake-php/browse_thread/thread/6257c7...
> which gives a method you could work from. I ha
There is this:
http://groups.google.co.uk/group/cake-php/browse_thread/thread/6257c749081c4adc/01514bd32d4055ab?lnk=gst&q=sanitize+beforeValidate&rnum=2&hl=en#01514bd32d4055ab
which gives a method you could work from. I have developed it a little
more since, so if that looks useful let me know and
Hello all,
I'm trying to automatically sanitize and reformat phone and fax
numbers, so I knocked these model methods together but I can't seem to
get it working.
function formatPhoneNumbers()
{
    if(isset($this->data[$this->name]) && count($this->data[$this->name])) {
        $this