Reputation: 1768
I have a project developed using CakePHP 1.3, and for testing I used the SQL Inject Me addon (Firefox).
From the CakePHP manual, what I understood is that the save() and find() methods will automatically protect the data from SQL injection. But while running the "SQL Inject Me" test, I always get failures as the result.
For example:
Results:
Server Status Code: 302 Found Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
Server Status Code: 302 Found Tested value: '; DESC users; --
Server Status Code: 302 Found Tested value: 1'1
I have tried the CakePHP Sanitize methods, and I still get the errors in "SQL Inject Me".
Any help?
Sample code:
$this->data['User'] = Sanitize::clean($this->data['User'], array('encode' => false));
$this->User->save($this->data);
Upvotes: 5
Views: 1796
Reputation: 5481
How to fix Server Status Code: 302 Found by SQL Inject Me Firefox Addon
That error shows that the SQL injection has been prevented. You don't need Sanitize for SQL injection, but for XSS.
Upvotes: 7
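As an added example (not code from the question or the answer), this contrasts a string-interpolated query with the find()/save() calls the manual describes; it assumes a CakePHP 1.3 controller with a User model and the Session component, and the redirect is where a scanner sees the 302.

```php
<?php
// Added example for a CakePHP 1.3 app; the User model and Session component
// are assumptions, not taken from the original question.
class UsersController extends AppController {
    var $name = 'Users';
    var $components = array('Session');

    // VULNERABLE: $id is concatenated straight into SQL, so a tested value like
    // 1' AND 1=(SELECT COUNT(*) FROM tablenames); -- becomes part of the statement.
    // Model::query() does not escape anything for you.
    function view_raw($id = null) {
        $rows = $this->User->query("SELECT * FROM users WHERE id = '" . $id . "'");
        $this->set('user', $rows);
    }

    // SAFE: find() with a conditions array hands the value to the datasource,
    // which quotes and escapes it. This is what the manual means by find()
    // protecting against SQL injection; no Sanitize::clean() is required.
    function view($id = null) {
        $user = $this->User->find('first', array(
            'conditions' => array('User.id' => $id),
        ));
        if (empty($user)) {
            // An injected id matches no row, so the request ends in a redirect:
            // the "302 Found" that SQL Inject Me lists for every payload.
            $this->Session->setFlash(__('Invalid user', true));
            $this->redirect(array('action' => 'index'));
        }
        $this->set('user', $user);
    }

    // save() escapes submitted values the same way, so Sanitize is not needed
    // here for SQL injection either.
    function add() {
        if (!empty($this->data)) {
            $this->User->create();
            if ($this->User->save($this->data)) {
                $this->redirect(array('action' => 'index'));
            }
        }
    }
}

// In the view (app/views/users/view.ctp): escaping on output is the XSS
// protection that Sanitize/h() actually provide, separate from SQL injection.
// echo h($user['User']['name']);
?>
```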