On Monday, October 22, 2012 6:22:54 AM UTC-7, Daniel wrote:
I do some custom database queries using some values derived from a call to find. I think I should make these more secure using a security function, but I am not sure which function to use. Should I use Sanitize or mysql_real_escape_string, and what parameters should I pass? Here is the relevant code:

    $user = $this->User->find('first', array('conditions' => array('User.id' => $id)));
    $username = $user['User']['username'];
    $email = $user['User']['email'];
    ...
    $qry = $this->User->query('UPDATE outemails SET to_user_id=null, recipient="'.$username.
        '" WHERE to_user_id="'.$id.'";');
    $qry = $this->User->query('INSERT INTO delemails (username, email, blacklisted, created) VALUES ("'.
        $username.'","'.$email.'",false,NOW());');

Thanks.
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
Visit this group at http://groups.google.com/group/cake-php?hl=en.