Re: Making database queries secure
I don't know about cleaning the query data, but you really should be
using cake methods.
Is there any special reason you don't?
2012/10/22 Daniel <danwgrace@gmail.com>:
> I do some custom database queries using some values derived from a call to
> find. I think I should make these more secure using a security function,
> but I am not sure which function to use. Should I use Sanitize or
> mysql_real_escape_string, and what parameters should I pass? Here is the
> relevant code:
>
> $user = $this->User->Find('first', array('conditions' => array('User.id'
> => $id)));
> $username = $user['User']['username'];
> $email = $user['User']['email'];
> ...
> $qry = $this->User->query('UPDATE outemails SET to_user_id=null,
> recipient="'.$username.
> '" WHERE to_user_id="'.$id.'";');
> $qry = $this->User->query('INSERT INTO delemails (username, email,
> blacklisted, created) VALUES ("'.
> $username.'","'.$email.'",false,NOW());');
> Thanks.
>
--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To post to this group, send email to cake-php@googlegroups.com.
To unsubscribe from this group, send email to cake-php+unsubscribe@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
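As an added example (not code from either poster), here is the same update and insert from Daniel's post written with CakePHP model methods instead of string concatenation, which is the approach the reply recommends. It assumes CakePHP 2.x and that `Outemail` and `Delemail` models exist for the `outemails` and `delemails` tables; the controller and action names are placeholders.

```php
<?php
// Added example, not from the original thread. Assumes CakePHP 2.x and that
// models Outemail (table outemails) and Delemail (table delemails) exist.
// UsersController / blacklist() are placeholder names for this illustration.
class UsersController extends AppController {

    public $uses = array('User', 'Outemail', 'Delemail');

    public function blacklist($id = null) {
        // Let the ORM build the SELECT: the value of $id is escaped by the
        // datasource, so no Sanitize or mysql_real_escape_string is needed.
        $user = $this->User->find('first', array(
            'conditions' => array('User.id' => $id),
        ));
        if (!$user) {
            throw new NotFoundException(__('Invalid user'));
        }
        $username = $user['User']['username'];
        $email = $user['User']['email'];

        // updateAll() escapes the conditions, but the field values are
        // inserted verbatim as SQL expressions, so a string value must be
        // quoted through the datasource rather than concatenated in.
        $db = $this->Outemail->getDataSource();
        $this->Outemail->updateAll(
            array(
                'Outemail.to_user_id' => null,                          // becomes SET ... = NULL
                'Outemail.recipient'  => $db->value($username, 'string'), // safely quoted literal
            ),
            array('Outemail.to_user_id' => $id)                         // escaped by the ORM
        );

        // save() quotes every field through the datasource; the 'created'
        // column is filled in automatically by CakePHP when it exists.
        $this->Delemail->create();
        $this->Delemail->save(array(
            'username'    => $username,
            'email'       => $email,
            'blacklisted' => false,
        ));
    }
}
```

The one thing to watch is `updateAll()`: because its `$fields` are SQL expressions, passing `$username` unquoted there would reintroduce exactly the injection the raw query had.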