Category: Validation

Q: CakePHP 2: how to escape special characters to prevent SQL injection?

Hi, 

I'd like to know, in CakePHP 2, how to escape special characters to prevent SQL injection.

For example:

// input
$this->request->data['Model']['name'];  // name = 'John "Doe"'

I want the name field in the POST data to be protected from SQL injection before it is saved into the database, so that in the database:

 id    name
---------------
  1   John Doe

Many thanks

SOLVED sql injection
3 Answers

Version: 2.8


Harper:

CakePHP takes care of it.

Check this link.

Ksmacky

Use the Sanitize Utility class:

App::uses('Sanitize', 'Utility');

// in controller
$clean = Sanitize::escape($dirty);
Accepted by Harper

Use a regex:

$this->request->data['Model']['name'] = preg_replace("/[^a-z]+/i", "", $this->request->data['Model']['name']);
Kristi

Created: 19 Sep '16

Last Reply: 25 Sep '16

Replies: 3

Views: 813

Votes: 3
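The answers above rely on hand-escaping (Sanitize::escape, which is deprecated since CakePHP 2.4) or on stripping characters with a regex (which would turn John "Doe" into JohnDoe and still does nothing for a name like O'Brien). The example below is an added illustration, not code from the thread, of how CakePHP 2 itself keeps user input out of SQL: save() and find() quote every value through the datasource, raw SQL takes "?" placeholders with a parameter array, and whitelist validation lives in the model rather than in a regex that mangles the data. The model name User, the table users and the column name are assumed for the example.

```php
<?php
// Added example (not from the thread). Assumes a "User" model backed by a
// "users" table with a "name" column; these names are assumptions.
App::uses('AppModel', 'Model');
App::uses('AppController', 'Controller');

class User extends AppModel {

    // Validate the shape of the input instead of stripping characters:
    // the value is still stored exactly as typed (John "Doe" stays John "Doe").
    public $validate = array(
        'name' => array(
            'notBlank' => array(
                'rule' => 'notBlank',
                'message' => 'A name is required.',
            ),
            'maxLength' => array(
                'rule' => array('maxLength', 100),
                'message' => 'Names are limited to 100 characters.',
            ),
        ),
    );
}

class UsersController extends AppController {

    public $uses = array('User');

    public function add() {
        if ($this->request->is('post')) {
            // Model::save() runs every value through DboSource::value(),
            // which uses the PDO driver's quoting. Quotes and backslashes in
            // the name are escaped for you; nothing in the value is executed.
            $this->User->create();
            if ($this->User->save($this->request->data)) {
                $this->Session->setFlash(__('Saved.'));
                return $this->redirect(array('action' => 'index'));
            }
            $this->Session->setFlash(__('Validation failed.'));
        }
    }

    public function search() {
        $name = isset($this->request->query['name'])
            ? (string)$this->request->query['name']
            : '';

        // find() conditions are quoted the same way, so an input such as
        // x' OR 1=1 -- is compared as a literal string, not parsed as SQL.
        $rows = $this->User->find('all', array(
            'conditions' => array('User.name' => $name),
        ));

        // Raw SQL, only when find() cannot express the query: pass "?"
        // placeholders and a parameter array to DboSource::fetchAll().
        // The values are bound with PDOStatement::bindValue(), never
        // interpolated into the SQL string.
        $db = $this->User->getDataSource();
        $raw = $db->fetchAll(
            'SELECT id, name FROM users WHERE name = ?',
            array($name)
        );

        // If a value really must be inlined, let the datasource quote it
        // (this is what save()/find() do internally) rather than addslashes().
        $quoted = $db->value($name, 'string');

        $this->set(compact('rows', 'raw', 'quoted'));
    }
}
```

The key point for the original question is that no escaping step is needed before save(): the "John Doe" row in the question ends up in the table with its quotes intact, and the escaping is applied only while the SQL statement is being built, so the stored data is never altered.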
