Home/ Questions/Q 7991447
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T13:17:35+00:00

I am trying to sanatize the input using mysql-real-escape-string before i save the data

  • 0

I am trying to sanatize the input using mysql-real-escape-string before i save the data into my database using CakePHP. And i get the following error

mysql_real_escape_string() [function.mysql-real-escape-string]: Access
denied for user ‘nobody’@’localhost’ (using password: NO)

My Code:

public function admin_videos($id = null) {
        if(!($this->isLogged() && $this->isAuthorized())) {
            $this->redirect(array('controller' => 'users', 'action' => 'login', 'admin' => true));
        }
        if ($this->request->is('post')) {
            $this->request->data['MovieVideo']['video'] = mysql_real_escape_string($this->request->data['MovieVideo']['video']);
            $this->request->data['MovieTrailer']['video'] = mysql_real_escape_string($this->request->data['MovieTrailer']['video']);
            if ($this->Movie->saveAll($this->request->data)) {
                $this->Session->setFlash('The movie has been saved', 'admin/flash_success');
                $this->redirect(array('action' => 'index'));
            } else {
                $this->Session->setFlash('The movie could not be saved. Please, try again.', 'admin/flash_error');
            }
        } else {
          $this->request->data = $this->Movie->find('first', array('conditions' => array('Movie.id' => $id), 'contain' => array('MovieTrailer', 'MovieVideo')));
        }
    }
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    From the docs:

    CakePHP already protects you against SQL Injection if you use CakePHP’s ORM methods (such as find() and save()) and proper array notation (ie. array(‘field’ => $value)) instead of raw SQL.

    So forget about manually calling mysql_real_escape_string().

    • 0