Hey all
Just started using Yii and was reading through http://www.yiiframew...de/database.dao but I wasn't too sure if I need to escape my SQL statements. If so, how do I get around the issue of needing a link identifier when I use mysql_real_escape?
Do I need to escape SQL queries?
#2
Posted 20 July 2010 - 02:23 PM
Try to avoid using your own SQL statements. What about using CActiveRecords?
You don't need to escape them, I think. Am I right, other guys?
#4
Posted 21 July 2010 - 02:01 AM
AR and DAO auto escape all bound parameters for you (or more precisely PDO does that). So just make sure you always use parameter binding for any data coming from the outside.
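
The parameter binding recommended in the reply above, as an added example that is not part of the original thread or of Yii's own code. It uses plain PDO against an in-memory SQLite database (assumes `pdo_sqlite` is enabled) so it runs without the framework; the table, the data and the `findByName` helper are constructed for illustration. It also covers the case binding cannot handle: identifiers such as a sort column.

```php
<?php
// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO user (name, email) VALUES
    ('O''Brien', 'ob@example.test'), ('Smith', 'smith@example.test')");

// Hypothetical helper: look up users by name, sorted by a caller-chosen column.
function findByName(PDO $pdo, string $name, string $orderBy = 'id'): array
{
    // Placeholders carry values only. Column names cannot be bound,
    // so the sort column is checked against a fixed allow-list instead.
    $allowed = ['id', 'name', 'email'];
    if (!in_array($orderBy, $allowed, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    $stmt = $pdo->prepare(
        "SELECT id, name, email FROM user WHERE name = :name ORDER BY $orderBy"
    );
    // The value travels separately from the SQL text; no manual escaping needed.
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "O'Brien"; // constructed outside data containing a quote character

// Concatenation: the quote in the data ends the string literal early,
// so the statement no longer parses as intended.
try {
    $pdo->query("SELECT id FROM user WHERE name = '$input'");
    echo "concatenated query ran\n";
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

// Binding: the same input is treated purely as data and matches one row.
$rows = findByName($pdo, $input, 'name');
echo count($rows), " row(s) found with bound parameter\n";

// A sort column outside the allow-list is refused before any SQL is built.
try {
    findByName($pdo, $input, 'created_at');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```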