How do I protect my CakePHP 3.0 code against SQL injection? The Cookbook just gives me the idea that we should use column name or user data directly, but I don't know how to do it.
CakePHP 3.0 SQL Injection Protection
1.7k Views Asked by Amit Dangwal At
There are 2 best solutions below
Not entirely true @doonot: You can expose yourself, if you're using some of the more "advanced" parts of the ORM:
While the ORM and database abstraction layers prevent most SQL injections issues, it is still possible to leave yourself vulnerable through improper use. When using the expression builder, column names must not contain user data:
Source: CakePHP Cookbook section on "SQL Injection Prevention"
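An added example, not part of the answer above or of the Cookbook: one way to let a request choose a filter column without user data ever reaching the expression builder's column argument. The `Articles` column names and the helpers `resolveColumn` and `filterByColumn` are hypothetical; the code assumes PHP 7 and CakePHP 3's `Cake\ORM\Query`.

```php
<?php
use Cake\ORM\Query;

// Fixed map from client-facing filter keys to real column identifiers
// (hypothetical names). User input only selects an entry from this map;
// it is never copied into the SQL text.
const FILTERABLE_COLUMNS = [
    'author'   => 'Articles.author_id',
    'category' => 'Articles.category_id',
];

function resolveColumn(string $requested): string
{
    if (!array_key_exists($requested, FILTERABLE_COLUMNS)) {
        throw new InvalidArgumentException('Unsupported filter column');
    }
    return FILTERABLE_COLUMNS[$requested];
}

function filterByColumn(Query $query, string $requested, array $values): Query
{
    $column = resolveColumn($requested); // identifier comes from the allow-list
    if ($values === []) {
        // An empty IN list is not valid SQL, so refuse it up front.
        throw new InvalidArgumentException('At least one value is required');
    }

    return $query->where(function ($exp) use ($column, $values) {
        // The column is a trusted constant; $values are sent as bound parameters.
        return $exp->in($column, $values);
    });
}

// Stand-alone check of the allow-list with constructed inputs:
// one valid key and one string that tries to carry SQL in the column name.
foreach (['author', 'author_id OR 1=1'] as $input) {
    try {
        echo $input, ' => ', resolveColumn($input), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $input, ' => rejected', PHP_EOL;
    }
}
```

In a controller, `filterByColumn($this->Articles->find(), $requestedKey, $ids)` would be the call site; the loop at the bottom runs without CakePHP installed.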
CakePHP already comes with SQL injection prevention if you are using the default ORM provided by them:
Source: CakePHP.org