I want to upload a file with a blob field. I use the Cake framework, but I can't use the mysql_real_escape_string function. Please help me!
Viewed 4,758 times
-2
See this question for some answers: http://stackoverflow.com/questions/3534243/how-do-you-escape-sql-data-in-cakephp – Simon East Mar 10 '15 at 22:00
3 Answers
3
Generally speaking: You should not have to.
Cake assumes that you will use its ORM and not write SQL directly.
If you bypass that with query() (which says this should only rarely be necessary) then see Data Sanitization (which it links to).
It reveals that you should use:
Sanitize::escape($string, $connection)

Quentin
Sanitize was removed in 3.x and it seems that it doesn't have any replacement – Yaroslav Nov 25 '15 at 16:30
1
If you want to use Cake for your framework, stop worrying about mysql_real_escape_string. Cake already takes care of this. But I would recommend having a look at Data Sanitization.
**But to allow Cake to take care of SQL injection, you will have to use ORM methods like save(), find(), saveAll().**

Kishor Kundan
0
If you are going to build your own SQL string with CakePHP, then it provides the escape function as:
escape(string $string, string $connection)
Which, sometimes, some external library requires you to escape for them, and I need to "borrow" the existing connection and escape function for ease. – Lionel Chan Mar 10 '14 at 02:22
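
A framework-independent way to store uploaded bytes in a BLOB column without hand-escaping, as an added example that is not from the original posts and does not use CakePHP's own API. It assumes plain PDO with an in-memory SQLite database standing in for the application's connection; the table and function names are hypothetical.

```php
<?php
// Added example. Assumptions: PDO with the pdo_sqlite driver; the
// "attachments" table and all function names are hypothetical.

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE attachments (
        id INTEGER PRIMARY KEY, name TEXT NOT NULL, data BLOB NOT NULL)');
    return $pdo;
}

// The SQL text is fixed; the file name and bytes travel only as bound values,
// so nothing in them can change the structure of the statement.
function storeUpload(PDO $pdo, string $name, string $bytes): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO attachments (name, data) VALUES (:name, :data)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':data', $bytes, PDO::PARAM_LOB);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Returns the stored row, or null when the id does not exist.
function loadUpload(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT name, data FROM attachments WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = openDb();

// Constructed sample input: quotes, a backslash, a NUL byte and SQL-looking
// text, i.e. the characters that manual escaping is meant to deal with.
$name  = "report'); DROP TABLE attachments; --.pdf";
$bytes = "%PDF-1.4\x00'\"\\ binary \xff\xfe payload";

$id  = storeUpload($pdo, $name, $bytes);
$row = loadUpload($pdo, $id);

// Both comparisons hold: the values round-trip byte for byte, unescaped.
var_dump($row !== null && $row['name'] === $name);
var_dump($row !== null && $row['data'] === $bytes);
```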