Hi Readers,
Welcome to FindNerd. Today we are going to discuss how to protect a CakePHP 2.x application against SQL injection.
SQL injection is a technique used to attack data-driven web applications. It is a code injection technique in which a malicious user injects SQL commands or queries into an SQL statement that the application sends to its database.
In other words, SQL injection is a security exploit of a web application in which a user enters Structured Query Language (SQL) code into an input box in order to read or change data. It works because an SQL query is a request for some action to be performed on a database, and the injected text becomes part of that request.
CakePHP already protects the application against SQL injection. If we are developing a web application in CakePHP and we use the proper CakePHP methods such as find() and save() with the proper array notation, our database will not be affected by SQL injection, because the ORM quotes and escapes every value it places into a query.
You can see an example below, where the value is passed in a conditions array instead of being concatenated into the SQL:
// $value is quoted and escaped by the ORM before it reaches the database.
$this->User->find('first', array('conditions' => array('field' => $value)));
Sometimes we have to perform manual queries with the model's query() method, which looks like the example below:
<?php
// The ? placeholders are bound to $id and $status as parameters, so the
// values never become part of the SQL text.
$this->User->query('SELECT username,email FROM users WHERE id = ? AND status = ?', array($id, $status));
?>
In the above example, User is a model.
To protect the SQL queries against injection, we also have to load the Sanitize class by adding the line below to AppController.php (in CakePHP 2.x the preferred form is App::uses('Sanitize', 'Utility');):
App::import('Sanitize');
We can also put the code in our own controller:
<?php
App::import('Sanitize');
class ABController extends AppController {
    ...
    ...
}
?>
The Sanitize::clean() method accepts an array (or string) and returns a cleaned version of it, which helps prevent these types of injection attacks.
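As an added example (not code from the original post or from CakePHP itself), the three patterns above combined in one CakePHP 2.x controller; UsersController, its search() action, the query parameters and the users table columns are assumptions:

```php
<?php
// Added example, not code from the original post or from CakePHP itself.
// UsersController, its search() action, the query parameters and the
// `users` columns are assumptions made for illustration.
App::uses('AppController', 'Controller');
App::uses('Sanitize', 'Utility');   // Sanitize lives in lib/Cake/Utility in 2.x

class UsersController extends AppController {

    public $uses = array('User');

    // GET /users/search?status=active&term=bob
    public function search() {
        $status = isset($this->request->query['status']) ? $this->request->query['status'] : '';
        $term   = isset($this->request->query['term']) ? $this->request->query['term'] : '';

        // 1. ORM conditions array: CakePHP quotes and escapes every value,
        //    so the input is never spliced into the SQL text.
        $active = $this->User->find('all', array(
            'fields'     => array('User.id', 'User.username'),
            'conditions' => array('User.status' => $status),
        ));

        // 2. Manual SQL with ? placeholders: each value is bound as a parameter.
        //    The unsafe alternative is building the string by hand, e.g.
        //    "... WHERE username LIKE '%$term%'", which lets input alter the query.
        $matches = $this->User->query(
            'SELECT id, username FROM users WHERE username LIKE ? AND status = ?',
            array('%' . $term . '%', $status)
        );

        // 3. Sanitize::clean() strips or encodes characters the application does
        //    not want to store or echo back. It complements parameter binding
        //    rather than replacing it (Sanitize is deprecated as of CakePHP 2.4).
        $cleanTerm = Sanitize::clean($term, array('encode' => true, 'connection' => 'default'));

        $this->set(compact('active', 'matches', 'cleanTerm'));
    }
}
```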
I hope this blog will be helpful for you.