Kohana v3 automatically avoids illegal characters?

Question

Kohana v3 automatically avoids illegal characters?

The quick question is, does Cohan (version 3) automatically delete the data that is passed to ORM :: factory ..... (and everywhere that is related to the database)?

For instance:

$thread = ORM::factory('thread', $this->request->param('id'));

Was the data passed in the second argument autoexperted before they appear in the SQL query, or will I have to do this manually? Probably a stupid question, and it's better to be safe than sorry, but yes ... I usually delete data manually, but I want to know if Cohan does this for me?

thanks

+4

security sql database php kohana-3

Imdom May 02, '10 at 20:04

source share

1 answer

Will vousden · Accepted Answer · 2010-05-02T21:57:59+0000

He automatically escaped. The only scenario when you need to worry about escaping is if you write your own SQL and insert your data directly (for example, by concatenating), which you should not do. The usual ways to query a database in Cohan are parameterized queries (if you need to provide SQL yourself), query constructor and ORM, all of which the handle slips for you.

Kohana v3 automatically avoids illegal characters?

More articles: