I have the following method in my CakePHP model:
    public function login($login, $password) {
        $arr = $this->find('first', array(
            'conditions' => array(
                'deleted' => 0,
                'online'  => 1,
                'login'   => $login,
                // raw SQL fragment: $password is concatenated straight into the query
                "AES_DECRYPT(UNHEX(password),'secretkey')='" . $password . "'"
            )
        ));
        return $arr;
    }
This method accepts two parameters ($login, $password) to authenticate the user.
I am wondering if this method is safe against SQL injection and other attacks.
If not, what is the best way to sanitize the input parameters using CakePHP?
I see that the Sanitize Class is deprecated as of 2.4.
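The same lookup with the password passed as a condition value instead of being spliced into raw SQL, as an added example that is not the poster's code; it assumes CakePHP 2.x and the poster's schema (a `password` column holding HEX(AES_ENCRYPT(plaintext, 'secretkey'))).

```php
<?php
// Added example, not the poster's code. Assumes CakePHP 2.x and the poster's
// schema: `password` stores HEX(AES_ENCRYPT(plaintext, 'secretkey')).
App::uses('AppModel', 'Model');

class User extends AppModel {

    /**
     * Same query as the original, but the password is a condition *value*.
     * CakePHP's DboSource quotes and escapes every condition value before
     * emitting it; only the condition key goes out as raw SQL, and this key
     * contains no user-supplied data. The generated WHERE fragment becomes:
     *     AES_DECRYPT(UNHEX(password),'secretkey') = '<escaped $password>'
     * Keep the key free of spaces: DboSource looks for an operator after the
     * first space in a key, so "AES_DECRYPT(..., 'secretkey')" would be
     * split in the wrong place.
     */
    public function login($login, $password) {
        return $this->find('first', array(
            'conditions' => array(
                'deleted' => 0,
                'online'  => 1,
                'login'   => $login,    // key => value: escaped by CakePHP
                "AES_DECRYPT(UNHEX(password),'secretkey')" => $password, // also escaped
            ),
        ));
    }
}
```

This closes the injection route in the original (the `login` value was already safe because it was a key/value pair; only the concatenated password fragment was not), but a reversible cipher under a key hard-coded in the model still reveals every password to anyone holding both the source and the database. CakePHP 2.3+ provides `Security::hash($password, 'blowfish')` / `BlowfishPasswordHasher` for a one-way, salted alternative.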