This is an archived copy of the forum for reference purposes

question

posted by dao27 9 years ago

fRequest::encode('q') this function protect for sql injection?

You'll notice the documentation says is passes values through fHTML::encode(), which is used to escape values for HTML. To prevent SQL injection, please see the fDatabase#EscapingDataSecurity documentation.

posted by wbond 9 years ago