Prevent code injection and SQL/MySQL injection in CakePHP
What is the best and the simplest way to prevent code injection and SQL/MySQL injection in CakePHP? Also, I would like to know how to prevent code injection in PHP.
For CakePHP and SQL injection, the only thing you need to do is to use CakePHP's functions instead of writing queries on your own.
Regarding code injection in PHP, this is possible when using user's input to call other scripts or in conjunction with the eval() function:
    $input = $_REQUEST['page'];
    include($input.'.php');
In general you can avoid these problems by assuming an evil user at the other side of the cable: always sanitize user input and never trust your users.
Have a look at the following links as well:
Best way to avoid code injection in PHP
When to do sanitization in CakePHP
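The include pattern from the answer above, hardened with an allowlist plus a directory check. This is an added example, not code from the original answer; resolvePage(), $allowedPages and the temporary pages directory are assumed names, and the sample files and requests are constructed.

```php
<?php
/**
 * Map a user-supplied page name to a file that is safe to include.
 * Returns the absolute path, or null when the request must be rejected.
 * (Hypothetical helper, written for this example.)
 */
function resolvePage(string $requested, array $allowedPages, string $baseDir): ?string
{
    // 1. Allowlist: only names the application itself defined are accepted.
    if (!in_array($requested, $allowedPages, true)) {
        return null;
    }
    // 2. Defence in depth: the resolved file must exist and sit inside $baseDir,
    //    which also rejects an allowlisted name that is a symlink pointing elsewhere.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample setup so the script runs offline.
$baseDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
mkdir($baseDir);
file_put_contents($baseDir . '/home.php', '<?php echo "home page\n";');
file_put_contents($baseDir . '/about.php', '<?php echo "about page\n";');
$allowedPages = ['home', 'about'];

// Constructed requests: two valid names, one path with "..", one unknown name.
foreach (['home', 'about', '../home', 'admin'] as $input) {
    $file = resolvePage($input, $allowedPages, $baseDir);
    if ($file === null) {
        echo "rejected: $input\n";   // a real application would answer 404 here
        continue;
    }
    include $file;                   // only allowlisted files are ever included
}

// Remove the constructed sample files.
unlink($baseDir . '/home.php');
unlink($baseDir . '/about.php');
rmdir($baseDir);
```

The request value is only ever compared against the allowlist; it never decides on its own which path reaches include.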