Sanitize help on Raw sql

I have several complex queries in my plugin that require me to use the ->query() method, and not ->find().

I could not figure out how to sanitize raw SQL, so I figured that someone here could help me.

So, the first step is to enable App::import('Sanitize'); before the class declaration.

Now let's say that I have this:

$query = $this->Mytable->query("SELECT * FROM mytable WHERE " . $WHERECLAUSE . ";");

Can someone help me sanitize my query, as I am completely lost in the cookbook.

Thanks for your help, this is much appreciated.

+4
2 answers

Use this: Sanitize::clean($query, $options)

+1

Sanitize::clean is used for values / arrays like $this->data.

$WHERECLAUSE = Sanitize::clean($WHERECLAUSE, array('escape'));
$query = $this->Mytable->query("SELECT * FROM mytable WHERE " . $WHERECLAUSE . ";");

That should do the trick.

array('escape') is used for SQL statements.
0
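Escaping the whole WHERE string after it has been assembled, as in the answer above, only protects you if every part of that string is a value; column names and operators cannot be escaped, only whitelisted. The following is an added example (not code from the thread or from CakePHP itself) showing how the raw query from the question can be built so that identifiers are checked against the model's schema and values are escaped by the datasource, which is what Sanitize::escape() does under the hood. The model name Mytable, the table mytable and the column names are assumptions taken from, or invented for, the question; the findRawBound() variant assumes CakePHP 2.x, where Model::query($sql, $params) runs a prepared statement.

```php
<?php
// Added example, not from the original thread. Assumes a CakePHP 1.3 / 2.x
// model named Mytable over the table "mytable"; the column names are made up.
App::import('Sanitize');

class Mytable extends AppModel {
    public $name = 'Mytable';

    /**
     * Build a WHERE clause from column => value pairs.
     * Identifiers cannot be "escaped", so column names are checked against the
     * model's own schema (a whitelist); only the values are escaped by the
     * datasource, which is also what Sanitize::escape() calls internally.
     */
    public function buildWhere(array $conditions) {
        $db = $this->getDataSource();
        $schema = $this->schema();          // array of column => definition
        $parts = array();
        foreach ($conditions as $column => $value) {
            if (!array_key_exists($column, $schema)) {
                // Reject rather than escape: an unknown identifier is a bug or an attack.
                throw new InvalidArgumentException("Unknown column: " . $column);
            }
            // $db->value() quotes and escapes the value for the active driver;
            // Sanitize::escape($value, $this->useDbConfig) would do the same.
            $parts[] = $db->name($column) . ' = ' . $db->value($value);
        }
        if (empty($parts)) {
            return '1 = 1';                 // no conditions: match everything
        }
        return implode(' AND ', $parts);
    }

    /**
     * The query from the question, with the WHERE clause built safely.
     * Example: $this->Mytable->findRaw(array('status' => "x' OR 1=1 --"))
     * yields ... WHERE `status` = 'x\' OR 1=1 --' (a literal, not a condition).
     */
    public function findRaw(array $conditions) {
        $where = $this->buildWhere($conditions);
        return $this->query("SELECT * FROM mytable WHERE " . $where . ";");
    }

    /**
     * CakePHP 2.x alternative (assumed version): let the driver bind the values.
     * Model::query($sql, $params) runs a prepared statement, so the values
     * never become part of the SQL text at all. Not available in 1.3.
     */
    public function findRawBound($status, $minAge) {
        return $this->query(
            "SELECT * FROM mytable WHERE status = ? AND age >= ?",
            array($status, (int)$minAge)
        );
    }
}
```

The schema check is the part Sanitize::clean cannot give you: if user input ever decides which column is filtered on, whitelist it against $this->schema() (or a fixed list) and escape only the values. Where the CakePHP version supports it, the bound-parameter form is the one to prefer, since nothing has to be escaped by hand.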

Source: https://habr.com/ru/post/1446179/

