# |
Oct 22nd 2019, 10:54 |
neon1024 |
Don’t do that. |
# |
Oct 22nd 2019, 10:45 |
dev.cyrusjayson |
How to do it in insert and update? This is my current code: `$output = $this->con->execute("INSERT INTO users (email, password)VALUES('$email', '$haspassword')");` |
# |
Oct 22nd 2019, 10:39 |
jotpe |
Or the Identity Object? |
# |
Oct 22nd 2019, 10:38 |
jotpe |
Is there a way to access the Authentication Service from the Authentication Plugin within a Table class? https://book.cakephp.org/authentication/1.1/en/identity-object.html#the-identity-object |
# |
Oct 22nd 2019, 10:00 |
dev.cyrusjayson |
@neon1024 I love you man! :kissing_heart: :P |
# |
Oct 22nd 2019, 09:59 |
neon1024 |
If you know the scalar type expected |
# |
Oct 22nd 2019, 09:58 |
neon1024 |
You can still do a little sanitization by casting values and such though |
# |
Oct 22nd 2019, 09:58 |
neon1024 |
https://book.cakephp.org/3.0/en/orm/query-builder.html#sql-injection-prevention |
# |
Oct 22nd 2019, 09:57 |
neon1024 |
`$this->Examples->find()->where(['thing' => $this->getRequest()->getData('something')])` |
# |
Oct 22nd 2019, 09:57 |
neon1024 |
As long as they’re assigned as array values |
# |
Oct 22nd 2019, 09:57 |
neon1024 |
The ORM will sanitize things for you |
# |
Oct 22nd 2019, 09:55 |
dev.cyrusjayson |
it is an API |
# |
Oct 22nd 2019, 09:55 |
david |
When I validate an input, the Form helper adds the "Form.errorClass" to the input. But if I validate a select multiple, it doesn't add the "Form.errorClass" to the select. I am looking at the templates (https://api.cakephp.org/3.8/source-class-Cake.View.Helper.FormHelper.html#79-171) but I don't know how to do that |
# |
Oct 22nd 2019, 09:54 |
dev.cyrusjayson |
I know it is not nice. |
# |
Oct 22nd 2019, 09:54 |
dev.cyrusjayson |
In Cake 2 there is a module called Sanitize and they removed it in 3. Any alternative that I can do something like this: `$email = CleanerSample($this->request->data['email'])` |
# |
Oct 22nd 2019, 09:53 |
alexdd55976 |
@dev.cyrusjayson you could iterate and clean things up or validate against some made-up validation rules |
# |
Oct 22nd 2019, 09:50 |
dev.cyrusjayson |
Guys, I accept parameters and directly put them in my query builder, so it is vulnerable to SQL injection. Is there a way to clean the $this->request->data in the middleware or appcontroller.php? "$this->request->data['email']" 3.4.13 |
# |
Oct 22nd 2019, 09:07 |
jotpe |
Thank you :slightly_smiling_face: |
# |
Oct 22nd 2019, 09:06 |
jotpe |
ok |
# |
Oct 22nd 2019, 09:06 |
savant |
that’ll be more or less instant |
# |
Oct 22nd 2019, 09:06 |
savant |
import it into a temporary table and execute sql to do two table renames in a single statement |
# |
Oct 22nd 2019, 09:05 |
savant |
so ingest that data once a week or whatever |
# |
Oct 22nd 2019, 09:05 |
jotpe |
Yes, they're known in advance. But I don't want to end up managing zip code data if something changes |
# |
Oct 22nd 2019, 09:05 |
admad |
use a db table and update from time to time as required |
# |
Oct 22nd 2019, 09:04 |
admad |
ditto |
# |
Oct 22nd 2019, 09:04 |
savant |
if they are known in advance, i’d probably have them in a database so I can do a quick lookup |
# |
Oct 22nd 2019, 09:01 |
jotpe |
Off-Cake Question: Do you use a Lib or Service to resolve zip codes to cities (especially German Postleitzahlen)? |
# |
Oct 22nd 2019, 08:33 |
admad |
*none |
# |
Oct 22nd 2019, 08:32 |
admad |
no besides 2.10 in 2.x series |
# |
Oct 22nd 2019, 08:31 |
tokam |
how about 2.1.1? |
# |
Oct 22nd 2019, 08:30 |
admad |
2.9 won't have any new bugfix release |
# |
Oct 22nd 2019, 08:30 |
admad |
okay, like i said upgrade to latest 2.10.x and if issue persists submit a bug report |
# |
Oct 22nd 2019, 08:30 |
tokam |
but this is not enough. |
# |
Oct 22nd 2019, 08:29 |
tokam |
I tried to do this validation with `if ( (!isset($this->_values[$this->name][$firstName])` |
# |
Oct 22nd 2019, 08:29 |
tokam |
and be also backwards compatible |
# |
Oct 22nd 2019, 08:29 |
tokam |
and if I use an api that manages cookies, the API should do that. |
# |
Oct 22nd 2019, 08:29 |
tokam |
it comes from $_COOKIES |
# |
Oct 22nd 2019, 08:29 |
tokam |
no |
# |
Oct 22nd 2019, 08:28 |
admad |
you should validate user input |
# |
Oct 22nd 2019, 08:27 |
tokam |
$this->_values[$this->name][$firstName] |
# |
Oct 22nd 2019, 08:27 |
tokam |
Some user had this value in this variable |