On 31 Oct, 11:29, "Dardo Sordi Bogado" <dardoso...@gmail.com> wrote:
> > If I would sanitize my input from javascript code?
>
> No, you need to escape whenever you send dynamic content to the user
> (though the form helper will escape the input values), use the
> builtin h() function.
>
> echo h($comment['Comment']['content']);
>
> If you want to strip the tags or other bad content and avoid it from
> being stored (they will be escaped by the dbo layer but will get
> inserted in the db anyway) you need to use Sanitize::clean() or
> Sanitize::strip<What>() where <What> is any of Tags, Images, Scripts,
> Whitespace, All.
>
> HTH,
> - Dardo Sordi.
>
>
>
> > On 30 Oct, 18:57, Gwoo <gwoo.cake...@gmail.com> wrote:
> >> The DBO layer handles proper escaping of your data to prevent SQL
> >> injection. You do not need to use Sanitize unless you are doing
> >> something out of the ordinary.
You received this message because you are subscribed to the Google Groups "CakePHP" group.
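The point made in the thread above (the DBO layer keeps the query safe, but only output escaping with h() keeps the page safe) as a stand-alone added example; this is not code from the thread or from CakePHP. It assumes PHP with pdo_sqlite, and redefines h() the way CakePHP 1.2's helper does (a thin htmlspecialchars wrapper) so it runs without the framework.

```php
<?php
// Added example: round-trip a comment through a database to show that
// SQL-safe storage does not make the value HTML-safe.

// Stand-in for CakePHP's h(): escape for an HTML text/attribute context.
function h($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// In-memory SQLite plays the role of the real comments table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, content TEXT)');

// Constructed submission: the apostrophe targets the SQL layer,
// the script tag targets the browser of whoever views the comment.
$submitted = "Nice post, O'Reilly! <script>alert(1)</script>";

// What the DBO layer does for you: the value is bound, not spliced
// into the query, so the apostrophe cannot break the statement...
$stmt = $db->prepare('INSERT INTO comments (content) VALUES (:content)');
$stmt->execute(array(':content' => $submitted));

// ...and the row comes back exactly as typed, markup included.
$row = $db->query('SELECT content FROM comments')->fetch(PDO::FETCH_ASSOC);
if ($row['content'] !== $submitted) {
    throw new RuntimeException('DB changed the stored value unexpectedly');
}
$comment = array('Comment' => array('content' => $row['content']));

// Rendering without h(): the stored markup is emitted as live HTML,
// i.e. a stored XSS the SQL escaping did nothing to prevent.
echo "<p>" . $comment['Comment']['content'] . "</p>\n";

// Rendering with h(), as the reply recommends: same data, inert text.
echo "<p>" . h($comment['Comment']['content']) . "</p>\n";
```

Stripping tags before storage (Sanitize::clean() or Sanitize::stripScripts() in the thread) changes what is kept; it does not replace escaping at output, since the same stored value may later be rendered in a context the stripping did not anticipate.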
Friday, October 31, 2008
Re: Question about Data Sanitation in CAKEPHP
Ok, many thanks.