Yii Framework Forum: do i need to escape sql queries? - Yii Framework Forum

#1 thiswayup

Posted 20 July 2010 - 10:20 AM

Hey all
Just started using Yii and was reading through http://www.yiiframew...de/database.dao but I wasn't too sure if I need to escape my SQL statements. If so, how do I get around the issue of needing a link identifier when I use mysql_real_escape?

#2 NewToYii

Posted 20 July 2010 - 02:23 PM

Try to avoid using your own SQL statements. What about using CActiveRecords?
You don't need to escape them, I think. Am I right, other guys?

#3 thiswayup

Posted 20 July 2010 - 02:46 PM

The Awsome, on 20 July 2010 - 02:23 PM, said:

Try to avoid using your own SQL statements. What about using CActiveRecords?
You don't need to escape them, I think. Am I right, other guys?


Doesn't work too well for geospatial queries.

#4 Mike

Posted 21 July 2010 - 02:01 AM

AR and DAO auto escape all bound parameters for you (or more precisely PDO does that). So just make sure you always use parameter binding for any data coming from the outside.
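
Parameter binding on a hand-written bounding-box query of the kind discussed in this thread, as an added example that is not part of any post: it uses plain PDO against an in-memory SQLite database so it runs without a Yii application. The `place` table, its rows and the `placesInBox()` helper are constructed for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE place (id INTEGER PRIMARY KEY, name TEXT, category TEXT, lat REAL, lng REAL)');
$pdo->exec("INSERT INTO place (name, category, lat, lng) VALUES
    ('Cafe', 'food', 49.45, 11.08),
    ('Museum', 'culture', 49.46, 11.07),
    ('Harbour', 'food', 53.54, 9.98)");

// Hypothetical helper: a hand-written bounding-box query with every outside value bound.
function placesInBox(PDO $pdo, $category, array $box)
{
    // Reject non-numeric coordinates before they reach the database.
    foreach (array('minLat', 'maxLat', 'minLng', 'maxLng') as $key) {
        if (!isset($box[$key]) || !is_numeric($box[$key])) {
            throw new InvalidArgumentException("$key must be numeric");
        }
    }
    // The SQL text is a constant; outside data only ever fills the placeholders.
    $sql = 'SELECT name FROM place
            WHERE category = :category
              AND lat BETWEEN :minLat AND :maxLat
              AND lng BETWEEN :minLng AND :maxLng
            ORDER BY name';
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':category', $category, PDO::PARAM_STR);
    // PDO has no float parameter type, so validated floats use the default string binding.
    foreach (array('minLat', 'maxLat', 'minLng', 'maxLng') as $key) {
        $stmt->bindValue(':' . $key, (float) $box[$key]);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Yii 1.x DAO equivalent of prepare/bindValue/fetch (not run here):
//   Yii::app()->db->createCommand($sql)
//       ->bindValue(':category', $category, PDO::PARAM_STR)
//       ->queryColumn();

$box = array('minLat' => 49.0, 'maxLat' => 50.0, 'minLng' => 11.0, 'maxLng' => 11.5);
print_r(placesInBox($pdo, 'food', $box));
// A quote inside a bound value is compared literally as data; it cannot alter the statement.
print_r(placesInBox($pdo, "food' OR '1'='1", $box));
```

No `mysql_real_escape_string()` call and no link identifier are involved, because the values never become part of the SQL text.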