Luke Farrugia

Reputation: 49

Sanitize help on Raw sql

I have some complex queries in my plugin which require me to use the ->query() and not the ->find() methods.

I couldn't understand how to sanitize the raw sql so I guessed someone here can guide me.

So the first step is to include App::import("Sanitize"); before the declaration of the class.

Now let's say I have this:

$query = $this->Mytable->query("SELECT * FROM mytable WHERE " . $WHERECLAUSE . ";");

Can someone help me out in sanitizing my query, as I got completely lost in the cookbook?

Thanks for your help, it is very much appreciated.

Upvotes: 4

Views: 533

Answers (2)

Jeff Bowie

Reputation: 36

Sanitize::clean is used for values / whole arrays such as $this->data.

// PHP variable names are case-sensitive: $whereclause holds the raw clause,
// $WHERECLAUSE the escaped copy that is concatenated into the SQL.
$WHERECLAUSE = Sanitize::clean($whereclause, array('escape'));
$query = $this->Mytable->query("SELECT * FROM mytable WHERE " . $WHERECLAUSE . ";");

That'll do the trick.

array('escape') is used for SQL statements.

Upvotes: 0
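An added example (not code from the question or either answer) showing the escaping applied per value rather than to an already-assembled clause, which is the layer at which Sanitize::escape is effective. It assumes a CakePHP 1.x controller action where Sanitize has been imported and the question's Mytable model is loaded; the request parameters status and min_age are hypothetical.

```php
<?php
// Added example, not part of the original post. Assumes a CakePHP 1.x
// controller action in which App::import('Sanitize') has already run and
// $this->Mytable is the question's model. The hypothetical inputs $status and
// $minAge stand in for whatever user data previously went into $WHERECLAUSE.

function buildMytableWhere($status, $minAge) {
    // Escape each user-supplied VALUE. A clause whose structure (columns,
    // operators, boolean logic) came from the user cannot be made safe after
    // the fact, so the structure is fixed here in code and only values vary.
    $status = Sanitize::escape($status);   // returns the escaped string without quotes
    $minAge = (int) $minAge;               // numeric value: cast, do not quote

    return "status = '" . $status . "' AND age >= " . $minAge;
}

// Hypothetical GET parameters: ?status=active&min_age=18
$where = buildMytableWhere(
    isset($this->params['url']['status']) ? $this->params['url']['status'] : '',
    isset($this->params['url']['min_age']) ? $this->params['url']['min_age'] : 0
);
$query = $this->Mytable->query("SELECT * FROM mytable WHERE " . $where . ";");
```

If the conditions can be expressed as a conditions array, the find() method escapes the values for you and no manual escaping is needed.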

Nabeel

Reputation: 557

Use this: Sanitize::clean($query, $options)

Upvotes: 1
