Category: Validation

Q: CakePHP 2: how to escape special characters to prevent SQL injection?

Hi, 

I'd like to know how to escape special characters in CakePHP 2 to prevent SQL injection.

For example:

//input
$this->request->data['Model']['name'];  // name = 'John "Doe"'

I want the name field in the post data to be protected from SQL injection before it is saved to the database, so that in the database:

 id    name
---------------
  1   John Doe

Many thanks

Status: solved. Tags: sql injection
3 Answers

Version: 2.8

Harper:

CakePHP takes care of it.

Check this link.

Ksmacky:

Use Sanitize Utility class:

App::uses('Sanitize', 'Utility');

// in the controller: returns $dirty with SQL metacharacters escaped for the 'default' connection
$clean = Sanitize::escape($dirty);
Accepted by Harper
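Both answers above are right as far as they go, and it is worth seeing how they fit together. In CakePHP 2 the ORM path (Model::save(), array conditions in find(), and Model::query() with placeholder parameters) hands values to the datasource, which binds them as PDO prepared-statement parameters; nothing has to be escaped by hand, and the row stores the value exactly as submitted, so John "Doe" is saved with its quotes, not as John Doe. Sanitize::escape() (deprecated as of CakePHP 2.4) only matters when you concatenate a value into raw SQL yourself. The controller action below is an added example, not code from the question or the answers; it assumes a CakePHP 2.x app with a User model backed by a users table (columns id and name) and no table prefix.

```php
<?php
// Added example (not from the question or answers). Assumes a CakePHP 2.x app
// with a `User` model backed by a `users` table (columns `id`, `name`) and no
// table prefix, so the raw SQL below can name the table directly.
App::uses('AppController', 'Controller');
App::uses('Sanitize', 'Utility'); // deprecated as of CakePHP 2.4; kept only for comparison

class UsersController extends AppController {

    public function add() {
        if (!$this->request->is('post')) {
            return;
        }
        // Constructed input, as it would arrive from the form. Only the single quote
        // matters to the SQL parser; the double quotes in John "Doe" are harmless.
        // e.g. $this->request->data['User']['name'] === 'John "Doe" \' OR 1=1 -- '
        $name = $this->request->data['User']['name'];

        // 1. ORM save: the datasource binds the value as a PDO parameter. Nothing to
        //    escape by hand, and the row stores the value exactly as submitted,
        //    quotes included. This is what "CakePHP takes care of it" means.
        $this->User->create();
        $saved = $this->User->save($this->request->data);

        // 2. Array conditions in find() go through the same binding.
        $byName = $this->User->find('all', array(
            'conditions' => array('User.name' => $name),
        ));

        // 3. Hand-written SQL: pass values as the second argument so they become
        //    prepared-statement parameters instead of being spliced into the string.
        $byQuery = $this->User->query(
            'SELECT id, name FROM users WHERE name = ?',
            array($name)
        );

        // 4. Sanitize::escape(): quotes the value via DboSource::value() for the
        //    'default' connection and strips the surrounding quotes, so it is only
        //    meaningful when you concatenate it into raw SQL yourself. Correct, but
        //    fragile (forget it once and you are back to case 5), and deprecated.
        $escaped = Sanitize::escape($name);
        $byEscape = $this->User->query("SELECT id, name FROM users WHERE name = '" . $escaped . "'");

        // 5. The vulnerable pattern: the quote in $name closes the literal and the
        //    rest of the input is executed as SQL. Never do this.
        // $rows = $this->User->query("SELECT id, name FROM users WHERE name = '" . $name . "'");

        $this->set(compact('saved', 'byName', 'byQuery', 'byEscape'));
    }
}
```

Cases 1 to 3 are the ones to use; case 4 is what the accepted answer shows and is safe only as long as every concatenation site remembers to call it. If you want the stored value to be John Doe rather than John "Doe", that is a presentation or validation decision, not an injection concern.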

Kristi:

Use a regex:

$this->request->data['Model']['name'] = preg_replace("/[^a-z]+/i", "", $this->request->data['Model']['name']);
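Stripping everything except ASCII letters, as in the regex above, is not an injection defence and it destroys data: John "Doe" becomes JohnDoe, and Anne-Marie O'Brien becomes AnneMarieOBrien. In CakePHP 2 the place for a character allow-list is model validation, which rejects bad input with an error instead of silently rewriting it, while save() keeps handling the quoting. The model below is an added example, not code from the answer; it assumes a CakePHP 2.x app with a User model, and the allowed character set is an assumption you should adjust to your own data.

```php
<?php
// Added example (not from the answer above). Assumes a CakePHP 2.x app with a
// `User` model. The allow-list rejects input instead of mangling it; injection
// protection is still the job of save()'s parameter binding, not of this regex.
App::uses('AppModel', 'Model');

class User extends AppModel {

    public $validate = array(
        'name' => array(
            'allowed' => array(
                // Letters from any script, spaces, apostrophes, periods and hyphens:
                // keeps O'Brien and Anne-Marie, rejects '; DROP TABLE users --'.
                // \z rather than $ so a trailing newline cannot slip past the check.
                'rule' => array('custom', '/^[\p{L} \'.\-]+\z/u'),
                'message' => 'Name may only contain letters, spaces, apostrophes, periods and hyphens.',
            ),
            'length' => array(
                'rule' => array('maxLength', 100),
                'message' => 'Name must be 100 characters or fewer.',
            ),
        ),
    );
}
```

With this in place, $this->User->save($this->request->data) returns false for a name that fails the rule and $this->User->validationErrors holds the message, so the user can correct the input; a valid name such as O'Brien is stored exactly as typed, apostrophe included, because the datasource binds it as a parameter.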