I am new to CakePHP and security. I have read that security is built in for protection from MySQL injection if you follow Cake's conventions, but can someone tell me if my save() will be safe without manually calling the Security class?
function edit($id) {
    $this->set('title', 'Edit your property');
    // Point the Unit model at the record being edited.
    $this->Unit->id = $id;
    if (empty($this->data)) {
        // No form submission yet: load the record into the form ($this->data is the CakePHP 1.x convention).
        $this->data = $this->Unit->read();
    } else {
        // Form submitted: hand the posted data to the model, which quotes it before building the SQL.
        if ($this->Unit->saveAll($this->data)) {
            $this->Session->setFlash('Your property has been updated.');
        }
    }
}
CakePHP will quote the data for you. Unless you are using a method similar to:
which takes SQL literals, you are safe and must not quote the data yourself to avoid getting the quotes in the data. Source: http://book.cakephp.org/2.0/en/models/saving-your-data.html
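To make the distinction in the answer concrete, here is an added example (it is not code from the question, the answer or the CakePHP project) of the same Unit edit action beside the raw-SQL path that the answer warns about. It is written against CakePHP 2.x conventions, so it uses $this->request->data rather than the older $this->data in the question; the Unit model, a units table with id and name columns, and the hostile input string are all assumptions made for the illustration, and the parameter-binding form of query($sql, $params) is CakePHP 2.x behaviour you should confirm against the version you run.

```php
<?php
// Added example, not from the original page. Assumes a CakePHP 2.x app with a
// Unit model backed by a `units` table that has `id` and `name` columns.
class UnitsController extends AppController {

    public $uses = array('Unit');

    public function edit($id = null) {
        $this->set('title', 'Edit your property');
        $this->Unit->id = $id;

        // Constructed hostile input, as a browser could POST it in the form:
        // $this->request->data = array('Unit' => array(
        //     'name' => "O'Brien'); DROP TABLE units; --",
        // ));
        if (empty($this->request->data)) {
            $this->request->data = $this->Unit->read();
        } else {
            // SAFE: saveAll() passes every value through the datasource's quoting,
            // so the apostrophe and the trailing SQL are stored as plain text.
            // 'fieldList' limits the writable columns so a forged extra field
            // (e.g. owner_id) in the POST body is silently dropped.
            $ok = $this->Unit->saveAll(
                $this->request->data,
                array('fieldList' => array('name'))
            );
            if ($ok) {
                $this->Session->setFlash('Your property has been updated.');
            }
        }
    }

    // UNSAFE: query() takes an SQL literal. Concatenating $name puts the
    // attacker's quote straight into the statement; with the input above the
    // WHERE clause is terminated and the rest runs as SQL.
    public function findByNameUnsafe($name) {
        return $this->Unit->query(
            "SELECT * FROM units WHERE name = '" . $name . "'"
        );
    }

    // SAFE: let the ORM build the WHERE clause. Values in 'conditions' are
    // quoted by the datasource, exactly as saveAll() does for writes.
    public function findByNameSafe($name) {
        return $this->Unit->find('all', array(
            'conditions' => array('Unit.name' => $name),
        ));
    }

    // SAFE when raw SQL is unavoidable: bind the value instead of concatenating
    // it, so the driver sends it separately from the statement text.
    public function findByNameBound($name) {
        return $this->Unit->query(
            'SELECT * FROM units WHERE name = ?',
            array($name)
        );
    }
}
```

The check to apply in your own code is simple: if the value reaches the database through saveAll(), save(), find() or a 'conditions' array, the framework quotes it and you must not quote it again (doing so stores literal backslashes or doubled quotes in the column); if it reaches the database as part of a string you assembled yourself for query(), it is an SQL literal and you are responsible for binding it.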