Reputation: 38382
I want to sanitize data in CakePHP but I am facing a problem. I have a form with a date field. When I tried to sanitize all the data, the date loses its MySQL format and is stored in the DB as rubbish data (1970-01-01), but if I remove the sanitize it works fine.
I tried the following:
function beforeSave()
{
    // clean every field in the request data before it is saved
    $this->data = Sanitize::clean($this->data);
    return true;
}
I also tried this, and it works, but it defeats the purpose:
function beforeSave()
{
    // keep a copy of the date, clean everything, then put the date back untouched
    $date = $this->data['Cabinet']['date_of_inspection'];
    $this->data = Sanitize::clean($this->data);
    $this->data['Cabinet']['date_of_inspection'] = $date;
    return true;
}
What is the way out?
Upvotes: 1
Views: 1119
Reputation: 38382
$this->data = Sanitize::clean($this->data, array('encode' => false));
solved the problem. I agree with what Jamal Aziz / CakePHP says.
Upvotes: 1
Reputation: 710
From the CakePHP Manual:
CakePHP already protects you against SQL injection if you use CakePHP's ORM methods (such as find() and save()) and proper array notation (i.e. array('field' => $value)) instead of raw SQL. For sanitization against XSS it's generally better to save raw HTML in the database without modification and sanitize at the time of output/display.
Upvotes: 7
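The principle in the quoted manual text (store the raw value, let the ORM or driver handle SQL quoting, and escape only at display time), shown as an added example in plain PHP with PDO rather than CakePHP's own classes. This is not code from the question or from CakePHP; the cabinets table, its columns and the sample values are constructed for illustration, and the date check is one way to validate the field on input instead of "cleaning" it.

```php
<?php
// Added example (not from the question or the CakePHP manual): keep stored
// data raw and escape at output time. Table and column names are assumed.

// Escape a value for insertion into an HTML text node or attribute.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Validate the date format on input instead of rewriting it: a MySQL DATE is
// Y-m-d, and a valid value round-trips through DateTime unchanged
// (so 2010-02-30, which DateTime would roll over, is rejected too).
function isMysqlDate(string $value): bool
{
    $dt = DateTime::createFromFormat('!Y-m-d', $value);
    return $dt !== false && $dt->format('Y-m-d') === $value;
}

// Store the raw value with a prepared statement; the driver handles quoting,
// so no application-side escaping is needed, and none should be applied.
function saveInspection(PDO $pdo, string $date, string $notes): void
{
    if (!isMysqlDate($date)) {
        throw new InvalidArgumentException("date_of_inspection must be Y-m-d, got: $date");
    }
    $stmt = $pdo->prepare(
        'INSERT INTO cabinets (date_of_inspection, notes) VALUES (:date, :notes)'
    );
    $stmt->execute([':date' => $date, ':notes' => $notes]);
}

// Demonstration with an in-memory SQLite database and constructed sample data.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE cabinets (id INTEGER PRIMARY KEY, date_of_inspection TEXT, notes TEXT)');

saveInspection($pdo, '2010-03-15', '<b>Hinge loose</b> & "door" misaligned');

foreach ($pdo->query('SELECT date_of_inspection, notes FROM cabinets') as $row) {
    // The date survives untouched because nothing rewrote it on the way in.
    echo 'Date: ' . escapeForHtml($row['date_of_inspection']) . "\n";
    // The notes are stored raw and made safe only here, at display time.
    echo 'Notes: ' . escapeForHtml($row['notes']) . "\n";
}

// A malformed date is rejected up front instead of being stored as rubbish.
try {
    saveInspection($pdo, '15/03/2010', 'bad format');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ' . escapeForHtml($e->getMessage()) . "\n";
}
```

Run it with `php example.php` (the pdo_sqlite extension is needed for the in-memory database). The point to take from it is the separation of concerns the manual describes: input validation checks shape (is this a date?), the database layer handles quoting through bound parameters, and HTML escaping happens once, at the place the value is rendered, so the stored data never has to be mangled to be safe.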