  • How to protect a CakePHP application against SQL injection in the 2.x version?


    Hi Readers,
    Welcome to FindNerd. Today we are going to discuss how to protect a CakePHP application against SQL injection in the 2.x version.

    SQL injection is a technique used to attack data-driven web applications. It is a code injection technique in which malicious users insert SQL commands or queries into an SQL statement.

    In other words, SQL injection is a security weakness in a web application that lets users add Structured Query Language (SQL) code through an input box in order to access data and make changes to it, because an SQL query is a request for some action to be performed on a database.

    CakePHP already protects the application against SQL injection. If we develop a web application in CakePHP using CakePHP's own methods, such as find() and save(), with proper array notation, then our database will not be affected by SQL injection.

    You can see an example of array notation below:

    $this->User->find('all', array('conditions' => array('field' => $value)));

    Sometimes we have to run manual queries with the model's query() method, like below:

    <?php 
       $this->User->query( 'SELECT username,email FROM users WHERE id = ? AND status = ?', array($id, $status) );
    ?>

    In the above example, User is a model.
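
The difference between concatenating input into the statement and binding it to the ? placeholders, as an added example that is not from the original post. It uses plain PDO, which the CakePHP 2.x database drivers are built on, against an in-memory SQLite table; the table contents, the function names and the hostile input value are constructed for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
function makeDb() {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, status INTEGER)');
    $db->exec("INSERT INTO users (username, email, status) VALUES
        ('alice', 'alice@example.test', 1),
        ('bob',   'bob@example.test',   1),
        ('carol', 'carol@example.test', 0)");
    return $db;
}

// Before: input is pasted into the SQL text, so the database parses it as SQL.
function findConcatenated(PDO $db, $id, $status) {
    $sql = "SELECT username,email FROM users WHERE id = $id AND status = $status";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the same statement as the query() call above; values are bound as data
// and never become part of the SQL text.
function findBound(PDO $db, $id, $status) {
    $stmt = $db->prepare('SELECT username,email FROM users WHERE id = ? AND status = ?');
    $stmt->execute(array($id, $status));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
$hostile = '1 OR 1=1'; // constructed hostile value submitted as the id

// Concatenation lets the input rewrite the WHERE clause and widen the result set.
printf("concatenated: %d row(s)\n", count(findConcatenated($db, $hostile, 1)));
// Binding compares the id column with the whole string, which matches no row.
printf("bound:        %d row(s)\n", count(findBound($db, $hostile, 1)));
// A legitimate id still works with the bound form.
printf("bound, id=1:  %d row(s)\n", count(findBound($db, '1', '1')));
```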

    To protect SQL queries against injection, we have to load the Sanitize class with the code below in AppController.php:

    App::uses('Sanitize', 'Utility');

    We can also put the code in a controller we have created:

    <?php
        // CakePHP 2.x loads core utility classes with App::uses()
        App::uses('Sanitize', 'Utility');

        class ABController extends AppController {
            // ...
            // ...
        }
    ?>

    This function accepts an array (or string), returns a cleaned version of it, and prevents these types of injection attacks.

    I hope this blog will be helpful for you.
