
I have a problem with sanitization. In AppController I'm using the Sanitize utility, but it doesn't work. When I want to call my update, it fails because of the ' slash in my input text. I'm using CakePHP 2.3.6.

public function beforeFilter() {
    parent::beforeFilter();
    if (!empty($this->request->data)) {
        App::uses('Sanitize', 'Utility');
        // remove_html strips tags, backslash removes backslashes;
        // 'escape' => false leaves SQL escaping switched off, so quotes stay as submitted
        $this->request->data = Sanitize::clean($this->request->data, array(
            'remove_html' => true,
            'encode'      => false,
            'unicode'     => false,
            'backslash'   => true,
            'escape'      => false
        ));
    }
}

Controller code:

// updateAll() takes the field values as raw SQL, so the value is quoted by hand;
// a ' inside the submitted location closes that quote early and breaks the query
$this->ClientProfile->updateAll(
    array('ClientProfile.location' => "'" . $this->User->data['ClientProfile']['location'] . "'"),
    array('ClientProfile.user_id' => $userdata['id'])
);

Any ideas?


1 Answer


Try using Sanitize::escape() instead of Sanitize::clean(). As the documentation says,

Sanitize::escape()

Makes a string SQL-safe.

You could also move the data sanitizing directly into the updateAll() method call. By doing so, you will know that the updateAll() method gets sanitized data, whatever happens to that data in other parts of the script.

answered 2013-10-03T18:35:37.560
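The approach the answer describes, escaping at the point of use inside the updateAll() call, written out as an added example; this is not code from the question or the answer. It assumes a CakePHP 2.3 application with a ClientProfile model holding id, user_id and location on the 'default' connection; the controller name, the action names and the $userId parameter are assumptions. The second action goes beyond the answer and shows the ORM route (saveField()) that avoids raw SQL altogether.

```php
<?php
// Added example, not code from the question or the answer. Assumes a CakePHP
// 2.3 app with a ClientProfile model (columns: id, user_id, location) on the
// 'default' database connection. Controller name, action names and $userId
// are hypothetical.
App::uses('AppController', 'Controller');
App::uses('Sanitize', 'Utility');

class ClientProfilesController extends AppController {

    public $uses = array('ClientProfile');

    // Variant 1: keep updateAll(), but escape at the point of use.
    public function updateLocation($userId) {
        // Constructed sample of what the form might submit: "O'Brien's Farm".
        $location = $this->request->data['ClientProfile']['location'];

        // updateAll() passes the values in its first argument into the UPDATE
        // statement as raw SQL fragments: it neither quotes nor escapes them.
        // A bare ' inside $location therefore closes the string literal early
        // and makes the statement fail (or mean something else).
        // Sanitize::escape() returns the value with SQL metacharacters escaped
        // for the active driver, without surrounding quotes, so we add them.
        $safeLocation = "'" . Sanitize::escape($location) . "'";

        // Same result without the Sanitize class: let the datasource quote and
        // escape the value itself (DboSource::value() adds the quotes already).
        // $db           = $this->ClientProfile->getDataSource();
        // $safeLocation = $db->value($location, 'string');

        $updated = $this->ClientProfile->updateAll(
            array('ClientProfile.location' => $safeLocation),
            // Conditions, unlike the field values, are escaped by the framework.
            array('ClientProfile.user_id' => $userId)
        );

        $this->set('updated', $updated);
    }

    // Variant 2: avoid raw SQL altogether. saveField() goes through the ORM,
    // which escapes the value itself, so no manual quoting is involved.
    public function updateLocationViaOrm($userId) {
        $location = $this->request->data['ClientProfile']['location'];

        // Look up the profile's primary key for this user (false if none).
        $profileId = $this->ClientProfile->field('id',
            array('ClientProfile.user_id' => $userId));

        $updated = false;
        if ($profileId) {
            $this->ClientProfile->id = $profileId;
            $updated = (bool)$this->ClientProfile->saveField('location', $location);
        }

        $this->set('updated', $updated);
    }
}
```

Both actions escape right where the value meets the database, so whatever a beforeFilter() did or did not do earlier (including running Sanitize::clean() with 'escape' => false) no longer decides whether the query survives a quote in the input.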