4
votes

I have some complex queries in my plugin which require me to use the ->query() and not the ->find() methods.

I couldn't understand how to sanitize the raw SQL, so I guessed someone here could guide me.

So the first step is to include the App::import("sanitize"); before the declaration of the class.

Now let's say I have this :

$query = $this->Mytable->query("SELECT * FROM mytable WHERE " . $WHERECLAUSE . ";");

Can someone help me out in sanitizing my query, as I got completely lost in the cookbook.

Thanks for your help, it is very much appreciated.


2 Answers

1
votes

Use this: Sanitize::clean($query, $options)

0
votes

Sanitize::clean is used for values / whole arrays such as $this->data.

// Sanitize::clean takes boolean-keyed options ('escape' is also on by default)
$WHERECLAUSE = Sanitize::clean($whereclause, array('escape' => true));
$query = $this->Mytable->query("SELECT * FROM mytable WHERE " . $WHERECLAUSE . ";");

That'll do the trick.
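The answer above escapes the already-assembled clause; as an added example that is not part of this thread, here is the shape a defender wants instead: column names and operators are allow-listed and only the data values go through a database quoter, so no raw SQL from outside ever reaches the query string. buildWhere(), demoQuote() and the column names are constructed for this example; in CakePHP the datasource's value() method, reached through the model's getDataSource() (assumed API), can be passed as the quoter.

```php
<?php
// Added example, not from the original thread. Escaping a whole $WHERECLAUSE
// cannot work: an escaper cannot tell the quotes and operators the clause
// legitimately contains from injected ones. Keep SQL structure fixed instead.

/**
 * Build "col op value AND ..." from e.g. array('title LIKE' => "O'Brien%").
 * $quote quotes one value for the target database; in CakePHP pass
 *   array($this->Mytable->getDataSource(), 'value')   (assumed API).
 * $allowedColumns is the allow-list of column names that may appear.
 */
function buildWhere(array $conditions, $quote, array $allowedColumns) {
    static $allowedOperators = array('=', '<>', '<', '>', '<=', '>=', 'LIKE');
    $parts = array();
    foreach ($conditions as $key => $value) {
        $tokens   = preg_split('/\s+/', trim($key), 2);
        $column   = $tokens[0];
        $operator = isset($tokens[1]) ? strtoupper($tokens[1]) : '=';
        // Structure is checked against allow-lists, never escaped.
        if (!in_array($column, $allowedColumns, true)) {
            throw new InvalidArgumentException("Column not allowed: $column");
        }
        if (!in_array($operator, $allowedOperators, true)) {
            throw new InvalidArgumentException("Operator not allowed: $operator");
        }
        // Only the data value is quoted, by the database-specific quoter.
        $parts[] = $column . ' ' . $operator . ' ' . call_user_func($quote, $value);
    }
    // No conditions means "match everything"; say so explicitly rather than
    // emitting an empty WHERE.
    return $parts ? implode(' AND ', $parts) : '1 = 1';
}

// Stand-in quoter so the example runs offline: integers pass through, strings
// are single-quoted with quotes and backslashes doubled. A real driver quoter
// (PDO::quote, or DboSource::value in CakePHP) replaces this in production.
function demoQuote($value) {
    if (is_int($value)) {
        return (string)$value;
    }
    return "'" . str_replace(array('\\', "'"), array('\\\\', "''"), (string)$value) . "'";
}

// Constructed sample input: a legitimate value containing a single quote.
$where = buildWhere(array('status' => 'active', 'owner_id' => 42, 'title LIKE' => "O'Brien%"),
                    'demoQuote', array('id', 'status', 'owner_id', 'title'));
echo "SELECT * FROM mytable WHERE " . $where . ";\n";
```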
