The Sanitize class is deprecated as of 2.4, and will be removed in CakePHP 3.0. Instead of using the Sanitize class you can accomplish the same tasks using other parts of CakePHP, native PHP functions, or other libraries.
Instead of using the destructive input filtering features of the Sanitize class you should apply more thorough Data Validation to the user data your application accepts. By rejecting invalid input you can often remove the need to destructively modify user data. You might also want to look at PHP's filter extension in situations where you need to modify user input.
Often input filtering is used when accepting user-submitted HTML. In these situations it is best to use a dedicated library like HTML Purifier.
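The three replacements named above (model validation, the PHP filter extension, and HTML Purifier) side by side, as an added example that is not part of the CakePHP documentation. It assumes a hypothetical `User` model with `username`, `email` and `age` fields, a query string carrying a `page` parameter, and that HTML Purifier has been installed and autoloaded via Composer.

```php
<?php
// Added example, not from the CakePHP docs. Hypothetical User model with
// username, email and age fields.
App::uses('AppModel', 'Model');

class User extends AppModel {

    // Reject bad input rather than rewriting it: if any rule fails, nothing
    // is saved and the caller gets a per-field list of reasons.
    public $validate = array(
        'username' => array(
            'alphaNumeric' => array(
                'rule' => 'alphaNumeric',
                'message' => 'Letters and numbers only',
            ),
            'maxLength' => array(
                'rule' => array('maxLength', 30),
                'message' => 'At most 30 characters',
            ),
        ),
        'email' => array(
            'rule' => 'email',
            'message' => 'Please supply a valid email address',
        ),
        'age' => array(
            'rule' => array('range', 0, 150),   // range() bounds are exclusive
            'message' => 'Age must be between 1 and 149',
        ),
    );
}

// In a controller action: validate before the data is used anywhere.
// $this->User->set($this->request->data);
// if (!$this->User->validates()) {
//     $errors = $this->User->validationErrors;   // field => array of messages
// }

/**
 * Read a page number with PHP's filter extension. filter_var() returns
 * false for anything that is not an integer inside the range, so the
 * caller decides what to do with rejected input instead of silently
 * receiving a "cleaned" value.
 */
function pageNumberFromQuery(array $query) {
    if (!isset($query['page'])) {
        return 1;
    }
    $page = filter_var($query['page'], FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => 1, 'max_range' => 10000),
    ));
    return ($page === false) ? null : $page;
}

/**
 * For user-submitted HTML, use a whitelist-based cleaner. HTML Purifier
 * (assumed installed) keeps only the listed elements and attributes and
 * drops everything else, including script and event-handler attributes.
 */
function purifyCommentHtml($dirtyHtml) {
    $config = HTMLPurifier_Config::createDefault();
    $config->set('HTML.Allowed', 'p,b,i,a[href],ul,ol,li');
    $config->set('URI.AllowedSchemes', array('http' => true, 'https' => true));
    $purifier = new HTMLPurifier($config);
    return $purifier->purify($dirtyHtml);
}
```

`pageNumberFromQuery(array('page' => '3'))` returns the integer 3, while `'abc'`, `'0'` and `'1e3'` all yield `null`; the point is that the input is accepted or refused, never rewritten into something the user did not send.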
CakePHP handles SQL escaping on associative array values provided to Model::find() and Model::save(). In the rare case you need to construct SQL by hand using user input you should use Prepared Statements.
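Both paths described above (escaping via the `find()` conditions array, and bound parameters for hand-written SQL) in one controller, as an added example that is not part of the CakePHP documentation. It assumes a hypothetical `Post` model with `user_id`, `title` and `created` columns, AuthComponent loaded, and the CakePHP 2.x behaviour that `Model::query()` passes a second array argument to the datasource as values for `?` placeholders.

```php
<?php
// Added example, not from the CakePHP docs. Hypothetical Post model with
// user_id, title and created columns.
App::uses('AppController', 'Controller');
App::uses('Validation', 'Utility');

class PostsController extends AppController {

    // Preferred: let the ORM build the WHERE clause. Values in the
    // conditions array are escaped by the datasource, so a crafted
    // title parameter ends up as data, never as SQL.
    public function search() {
        $title = isset($this->request->query['title'])
            ? (string)$this->request->query['title'] : '';

        $posts = $this->Post->find('all', array(
            'conditions' => array(
                'Post.user_id' => $this->Auth->user('id'),
                // Note: LIKE wildcards (% and _) inside $title are still
                // interpreted as wildcards; that is a matching concern,
                // not an injection one.
                'Post.title LIKE' => '%' . $title . '%',
            ),
            'order' => array('Post.created' => 'DESC'),
            'limit' => 20,
        ));
        $this->set('posts', $posts);
    }

    // Hand-written SQL: user input goes in as bound parameters.
    // Never build the statement by concatenation, e.g.
    //   $this->Post->query("... WHERE created > '" . $since . "'");
    // because the input then becomes part of the statement text.
    public function recent() {
        $since = isset($this->request->query['since'])
            ? (string)$this->request->query['since'] : '';

        // Validate the shape first; the binding below protects the SQL,
        // validation protects the application logic.
        if (!Validation::date($since, 'ymd')) {
            throw new BadRequestException('since must be YYYY-MM-DD');
        }

        $sql = 'SELECT Post.id, Post.title FROM posts AS Post '
             . 'WHERE Post.user_id = ? AND Post.created > ? '
             . 'ORDER BY Post.created DESC';
        $rows = $this->Post->query($sql, array($this->Auth->user('id'), $since));
        $this->set('posts', $rows);
    }
}
```

With the second form the datasource prepares the statement and executes it with the two values bound, so `since=2013-01-01' OR '1'='1` fails validation first and, even if it reached the query, would be compared as a literal string rather than parsed as SQL.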