Do I need to escape SQL queries?

Hey all

Just started using Yii and was reading through http://www.yiiframework.com/doc/guide/database.dao but I wasn't too sure if I need to escape my SQL statements. If so, how do I get around the issue of needing a link identifier when I use mysql_real_escape?

Try to avoid using your own SQL statements. What about using CActiveRecords?

You don't need to escape them, I think. Am I right, other guys?

Doesn't work too well for geospatial queries.

AR and DAO auto-escape all bound parameters for you (or, more precisely, PDO does that). So just make sure you always use parameter binding for any data coming from the outside.
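
The parameter binding recommended in the last reply, shown next to string concatenation, as an added example that is not part of the original thread. It uses plain PDO with an in-memory SQLite database so it runs without Yii; the `places` table, the sample rows, the input string and the `placesInBox()` helper are all constructed for illustration.

```php
<?php
// Added example. Data and input are constructed; in-memory SQLite keeps it offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE places (name TEXT, lat REAL, lng REAL)');
$pdo->exec("INSERT INTO places VALUES ('Cafe', 52.52, 13.40), ('Depot', 48.14, 11.58)");

// Constructed stand-in for a value arriving from the request.
$name = "x' OR '1'='1";

// Concatenation: the quote in $name ends the string literal, so the rest of
// the input is parsed as SQL and the WHERE clause no longer filters by name.
$unsafe = $pdo->query("SELECT name FROM places WHERE name = '$name'")
              ->fetchAll(PDO::FETCH_COLUMN);

// Binding: the SQL text is fixed at prepare() time and $name travels
// separately as data, so it is only ever compared against the name column.
$stmt = $pdo->prepare('SELECT name FROM places WHERE name = :name');
$stmt->bindValue(':name', $name, PDO::PARAM_STR);
$stmt->execute();
$bound = $stmt->fetchAll(PDO::FETCH_COLUMN);

// Hand-written geospatial-style SQL (a bounding box) binds the same way.
// placesInBox() is a hypothetical helper for this example.
function placesInBox(PDO $pdo, $minLat, $maxLat, $minLng, $maxLng)
{
    $stmt = $pdo->prepare(
        'SELECT name FROM places
          WHERE lat BETWEEN :minLat AND :maxLat
            AND lng BETWEEN :minLng AND :maxLng'
    );
    $stmt->execute(array(
        ':minLat' => (float) $minLat, ':maxLat' => (float) $maxLat,
        ':minLng' => (float) $minLng, ':maxLng' => (float) $maxLng,
    ));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

printf("concatenated: %d row(s)\n", count($unsafe));
printf("bound:        %d row(s)\n", count($bound));
printf("in box:       %s\n", implode(', ', placesInBox($pdo, 52, 53, 13, 14)));
```

In Yii's DAO the same pattern is `Yii::app()->db->createCommand($sql)` followed by `bindValue()` on the returned command, which hands the value to PDO.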