This is an archived copy of the forum for reference purposes
question
posted by
dao27
9 years ago
fRequest::encode('q'): does this function protect against SQL injection?
You'll notice the documentation says it passes values through fHTML::encode(), which is used to escape values for HTML. To prevent SQL injection, please see the fDatabase#EscapingDataSecurity documentation.
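The distinction drawn in the answer above, as an added example that is not part of the original thread and is not Flourish code: it shows an HTML-encoded request value still altering a concatenated SQL statement, next to the same value bound as a parameter. It assumes plain PHP, with `htmlspecialchars()` standing in for fHTML::encode() and an in-memory SQLite database through PDO; the table and the request value are constructed for the example.

```php
<?php
// Added illustration, not Flourish code. Assumptions: htmlspecialchars() stands in
// for fHTML::encode(), and an in-memory SQLite database (PDO) stands in for the app's.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)');
$db->exec("INSERT INTO notes (owner, body) VALUES ('alice', 'first'), ('bob', 'second')");

// Constructed request value for a numeric "q" parameter. It contains none of the
// characters HTML encoding rewrites (<, >, &, quotes).
$q = '1 OR 1=1';

// HTML encoding is the right step before echoing $q into a page...
$encoded = htmlspecialchars($q, ENT_QUOTES, 'UTF-8');
printf("encoding changed the value: %s\n", $encoded === $q ? 'no' : 'yes');

// ...but it is not SQL escaping. Before: the encoded value is concatenated into
// the statement, so its text is parsed as part of the WHERE clause.
$unsafe = $db->query("SELECT body FROM notes WHERE id = $encoded")
             ->fetchAll(PDO::FETCH_COLUMN);
printf("concatenated query matched %d row(s)\n", count($unsafe));

// After: the raw value is bound as a parameter and is only ever treated as data.
$stmt = $db->prepare('SELECT body FROM notes WHERE id = ?');
$stmt->execute([$q]);
$safe = $stmt->fetchAll(PDO::FETCH_COLUMN);
printf("parameterized query matched %d row(s)\n", count($safe));

// Encode at output time, when the value is written into HTML.
printf("<p>You searched for: %s</p>\n", htmlspecialchars($q, ENT_QUOTES, 'UTF-8'));
```

In a Flourish application the database-side step is the escaping described in the fDatabase documentation the answer points to, with fRequest::encode() kept for values written into HTML.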