
I have a site developed in CakePHP 2.3. On my site a user can create products in any language: American, Italian, Japanese, Russian, etc.
Is it necessary to secure the data, or does CakePHP do this automatically?

I have this model for example:

```php
class Product extends AppModel {
    public $name = 'Product';
    // Translation domain used for the validation messages
    public $validationDomain = 'validation_errors';
    public $validate = array(
        'name' => array(
            // The name must not be empty
            'not_empty' => array(
                'rule'    => 'notEmpty',
                'message' => 'No empty'
            ),
            // Letters and digits only
            'string' => array(
                'rule'    => 'alphanumeric',
                'message' => 'Alphanumeric'
            )
        ),
    );
}
```

My goal is that the string can contain blank spaces, -, _, and maybe Japanese or Russian characters.

Do I need to write some validation function to do that, because the string can contain almost anything?

I don't know how a multi-language field is secure in CakePHP.

tereško
Alessandro Minoccheri
  • You don't [prevent SQL injection](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php) by validating input. You prevent it by not embedding user input in SQL statements without quoting it first. (_Note: I wrote this comment before the question was edited to remove any mention of SQL injection._) – Ilmari Karonen Jan 02 '13 at 23:00
  • The question is: is it secure to not validate data in CakePHP, like for a multi-language field? – Alessandro Minoccheri Jan 02 '13 at 23:03

1 Answer


By 'secure', I assume you mean SQL injection? CakePHP automatically escapes values when performing database operations, provided you use the built-in model query methods properly. So yes, I think it's secure.

http://book.cakephp.org/2.0/en/models/retrieving-your-data.html

http://book.cakephp.org/2.0/en/models/saving-your-data.html

http://book.cakephp.org/2.0/en/models/deleting-data.html

BadHorsie
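The distinction drawn in the comment and the answer, as an added example that is not part of the original thread: the name check is a data-quality rule, while injection safety comes from how the value reaches the database. The pattern, the `isValidProductName` helper and the sample names are assumptions made here, and a PDO bound parameter on in-memory SQLite stands in for the escaping the answer attributes to the model methods.

```php
<?php
// Added example, not code from the question or the answer.
// Letters, combining marks and digits from any script, plus space, - and _.
// /u: treat pattern and input as UTF-8. /D: "$" may not match before a trailing newline.
define('PRODUCT_NAME_PATTERN', '/^[\p{L}\p{M}\p{N} _-]+$/Du');

// How the pattern could be wired into the model with CakePHP 2.x's "custom" rule.
$validate = array(
    'name' => array(
        'not_empty' => array('rule' => 'notEmpty', 'message' => 'No empty'),
        'charset'   => array(
            'rule'    => array('custom', PRODUCT_NAME_PATTERN),
            'message' => 'Letters, digits, space, - and _ only',
        ),
    ),
);

// Hypothetical helper: the same check outside the framework.
function isValidProductName($name)
{
    // With /u, preg_match returns false on malformed UTF-8, so compare to 1.
    return is_string($name) && preg_match(PRODUCT_NAME_PATTERN, $name) === 1;
}

// Constructed sample input.
$samples = array(
    'Blue T-shirt_2',
    'Красная рубашка',
    '赤いシャツ',
    "Robert'); DROP TABLE products;--",
    "trailing newline\n",
    "bad\xC3\x28bytes", // malformed UTF-8 sequence
);

// Bound parameters: the value never becomes part of the SQL text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (name TEXT)');
$insert = $db->prepare('INSERT INTO products (name) VALUES (:name)');

foreach ($samples as $name) {
    $valid = isValidProductName($name);
    // Stored here regardless of $valid, only to show the statement stays intact.
    $insert->execute(array(':name' => $name));
    printf("%-8s%s\n", $valid ? 'valid' : 'invalid', trim($name));
}
printf("rows stored: %d\n", $db->query('SELECT COUNT(*) FROM products')->fetchColumn());
```

The first three names validate and the last three do not, yet all six rows are stored without altering the statement; in the application a failed validation would stop the save before it reaches the database.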