Cakephp 3.0 Sql Injection Protection

1.7k Views Asked by Amit Dangwal At 04 April 2025 at 13:47

how to protect my code of Cakephp 3.0 against sql injection. Cook book just give me the idea that we should use column name or user data directly but dont know how to do it??

Original Q&A

There are 2 best solutions below

Spriz On 19 December 2016 at 14:41

Not entirely true @doonot: You can expose yourself, if you're using some of the more "advanced" parts of the ORM:

While the ORM and database abstraction layers prevent most SQL injections issues, it is still possible to leave yourself vulnerable through improper use. When using the expression builder, column names must not contain user data:

Source: CakePHP Cookbook section on "SQL Injection Prevention"

nimrod On 19 December 2016 at 09:50

CakePHP already comes with SQL injection prevention if you are using the default ORM provided by them:

CakePHP comes with built-in tools for input validation, CSRF protection, Form tampering protection, SQL injection prevention, and XSS prevention, helping you keep your application safe & secure..

Source: CakePHP.org

Cakephp 3.0 Sql Injection Protection

There are 2 best solutions below

Related Questions in CAKEPHP

Related Questions in CAKEPHP-3.0

Related Questions in SQL-INJECTION

Trending Questions

Popular # Hahtags

Popular Questions