Thursday, September 30, 2010

Re: Do I need to use sanitize?

Thanks.

I'm just sending plain text emails, so that should be fine.

Sharon

On 30 Sep, 06:04, "Dr. Loboto" <drlob...@gmail.com> wrote:
> I personally never user Sanitize as don't want to break user-entered
> data. Instead of it I use h() to escape all text on HTML output. On
> save to database also nothing needed as Cake properly escape data
> itself. So if you send HTML emails you need just escape user-entered
> text and that's all.
>
> On Sep 29, 11:43 pm, WhyNotSmile <sharongilmor...@gmail.com> wrote:
>
> > I'm creating a website which has a few forms, and wondering whether I
> > need to use Sanitize for those.  In each case, there are a few text
> > boxes which accept input from visitors; that information gets emailed
> > to a central address.  Nothing is stored in the database.
>
> > Do I need to use sanitize for that, or is it mainly for times when the
> > form data is going into the database?
>
> > I also wasn't completely clear on the documentation about sanitize -
> > it says Cake automatically uses it for saving and reading, but does
> > that include 'find' functions, and do I have to include
> > App::import('Sanitize'); to make it work (i.e. it's automatic once
> > it's included)?
>
> > Thanks!

Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions.

You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en

No comments: