Protecting your CakePHP application against SQL injection

SQL injection is a technique in which a malicious user injects SQL commands or queries into an SQL statement that the application builds from web-page input, so that untrusted input becomes part of the query and compromises the security of the web application.


CakePHP already protects the application against SQL injection as long as you use the model methods such as find() and save() with proper array notation (i.e. array('field' => $value)), because CakePHP quotes the values itself.


Still, it is sometimes necessary to perform manual queries, which can be done with Model::query(). Pass the values as a second argument instead of concatenating them into the SQL string; the '?' placeholders are then bound as parameters:


$this->MyModel->query('SELECT name FROM users WHERE id = ? AND status = ?', array($id, $status));
    

So add the line below to AppController.php to load the Sanitize class, whose helpers are used to protect SQL queries against injection:

App::import('Sanitize');
    

Or put the same line at the top of the controller you created:

App::import('Sanitize');

class XyzController extends AppController {
    // controller actions can now call the Sanitize helpers
    ...
}
    

The Sanitize class's clean() method takes an array (or string) and returns a cleaned version of it, which helps protect against these types of attacks.
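The following controller is an added example, not code from the original post or from the CakePHP project. It puts the two points above side by side: the parameter-bound Model::query() call (next to the string-concatenation pattern it replaces, and the equivalent find() with array conditions), and the Sanitize helpers loaded with App::import('Sanitize'). It assumes a CakePHP 2.x application with a User model on a `users` table; the controller, action, field and query-parameter names are hypothetical.

```php
<?php
// Added example, not code from the original post. It assumes a CakePHP 2.x
// application with a User model on a `users` table; the controller, action,
// field and parameter names below are hypothetical. App::import('Sanitize') is
// the call the post uses; App::uses('Sanitize', 'Utility') is the 2.x form.
App::import('Sanitize');

class UsersController extends AppController {

    public $uses = array('User');

    // Columns a caller may sort by. A column name cannot be sent as a bound
    // parameter, so an allow-list is the control for identifiers.
    protected $_sortable = array('name', 'created');

    // Unsafe: request values are spliced into the SQL text, so whatever the
    // caller sends becomes part of the statement. Shown only as the pattern
    // the rest of this controller replaces.
    public function unsafeLookup() {
        $id     = $this->request->query['id'];
        $status = $this->request->query['status'];
        return $this->User->query(
            "SELECT name FROM users WHERE id = $id AND status = '$status'"
        );
    }

    // Safe, the way the post describes: the values are passed as bound
    // parameters and the database driver never treats them as SQL text.
    public function lookup() {
        $id     = $this->request->query['id'];
        $status = $this->request->query['status'];
        $rows = $this->User->query(
            'SELECT name FROM users WHERE id = ? AND status = ?',
            array($id, $status)
        );
        $this->set('rows', $rows);
    }

    // The same lookup through the ORM: array conditions are quoted by CakePHP.
    public function lookupWithFind() {
        $user = $this->User->find('first', array(
            'fields'     => array('User.name'),
            'conditions' => array(
                'User.id'     => $this->request->query['id'],
                'User.status' => $this->request->query['status'],
            ),
        ));
        $this->set('user', $user);
    }

    // A search with a caller-chosen sort column, where binding alone is not
    // enough because the identifier has to appear in the SQL text itself.
    public function search() {
        $q    = isset($this->request->query['q'])    ? $this->request->query['q']    : '';
        $sort = isset($this->request->query['sort']) ? $this->request->query['sort'] : 'name';

        // Sanitize::paranoid() keeps only letters, digits and the listed
        // characters, so quotes and comment sequences are dropped from the term.
        $q = Sanitize::paranoid($q, array(' ', '-', '_'));

        // Reject, rather than escape, a sort column outside the allow-list.
        if (!in_array($sort, $this->_sortable, true)) {
            $sort = 'name';
        }

        // The search term is still bound; only the validated identifier is
        // interpolated into the statement.
        $rows = $this->User->query(
            "SELECT name FROM users WHERE name LIKE ? ORDER BY $sort",
            array('%' . $q . '%')
        );

        // Sanitize::clean() over the whole request array, as the post describes.
        // 'escape' => false because these values are not interpolated into SQL
        // (the query above bound them); SQL-escaping them here would only add
        // backslashes. HTML encoding, on by default, stays on for the view.
        $filters = Sanitize::clean($this->request->query, array('escape' => false));
        $this->set(compact('rows', 'filters'));
    }
}
```

The design choice worth noting is that Sanitize and parameter binding cover different inputs: bind every value, allow-list every identifier, and reserve Sanitize::clean() for data that is going to be displayed rather than data that is already bound, so that nothing is escaped twice. The Sanitize class is deprecated as of CakePHP 2.4 and absent from 3.x, so newer applications rely on the query builder's binding and on their own allow-lists instead.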
