I have a project developed using CakePHP 1.3, and for testing I used the SQL Inject Me addon (Firefox).
From the CakePHP manual, I realized that the save() and find() methods will automatically protect data from SQL injection. But when I run the "SQL Inject Me" test, I always get crashes as a result.
For example, the results:
- Server status code: 302 Found. Tested value: `1 'AND 1 = (SELECT COUNT (*) FROM tablenames); -`
- Server status code: 302 Found. Tested value: `'; DESC users; -`
- Server status code: 302 Found. Tested value: `1'1`
I tried using the Sanitize CakePHP methods, but I still get errors in "SQL Inject Me".
Any help?
Code example
```php
// Escape the submitted User fields for the database without HTML-encoding them
$this->data['User'] = Sanitize::clean($this->data['User'], array('encode' => false));
// save() builds the INSERT/UPDATE from the data array with each value escaped
$this->User->save($this->data);
```
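As an added illustration (not code from the poster's project), here are the two request-handling paths this question turns on in CakePHP 1.3: raw SQL assembled from request data, which the framework does not escape, beside the find()/save() array forms, which the datasource escapes before the statement reaches the database. The `UsersController`, the `name` field and the query parameter are assumptions.

```php
<?php
// Added example for CakePHP 1.3; assumes an app with a User model that has a `name` field.
App::import('Core', 'Sanitize');

class UsersController extends AppController {
    public $uses = array('User');

    // NOT protected: Model::query() sends the string as-is, so request data
    // concatenated into it reaches MySQL unescaped. A quote inside the tested
    // value ends the string literal and the rest is parsed as SQL, not data.
    public function lookupRaw() {
        $name = $this->params['url']['name'];
        return $this->User->query(
            "SELECT * FROM users WHERE name = '" . $name . "'"
        );
    }

    // Protected: values in a conditions array are escaped by the datasource
    // (DboSource::value()) before the SQL is built, so the same tested value
    // is compared as a literal string rather than interpreted as SQL.
    public function lookupSafe() {
        $name = $this->params['url']['name'];
        return $this->User->find('first', array(
            'conditions' => array('User.name' => $name),
        ));
    }

    // Protected: Model::save() builds the INSERT/UPDATE from the data array
    // with every value escaped. Sanitize::clean() is the poster's extra step;
    // with 'encode' => false it escapes for the DB but does not HTML-encode,
    // so the stored text is the original value, quotes included.
    public function add() {
        if (!empty($this->data)) {
            $this->data['User'] = Sanitize::clean(
                $this->data['User'], array('encode' => false)
            );
            if ($this->User->save($this->data)) {
                // The redirect after a successful save answers the POST with
                // 302 Found; a scanner that only records the status code will
                // show exactly that line for every tested value.
                $this->redirect(array('action' => 'index'));
            }
        }
    }
}
```

To confirm protection, inspect the generated SQL in the debug log (debug level 2) for a tested value and check that the quote arrives escaped inside the literal, rather than relying on the scanner's status-code verdict.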