mr0no
(Get2sick)
1
I am going through the "Agile Web Application Development With Yii" book.
In the book there’s a piece of code that I don’t understand:
public function actionIndex()
{
$dataProvider=new CActiveDataProvider('Issue', array(
'criteria'=>array(
'condition'=>'project_id=:projectId',
'params'=>array(':projectId'=>$this->_project->id),
),
));
What is line 6 used for?
It passes the parameter (param) to the line above it. Simply a convenience to keep the condition parameter clean and readable.
Matt
andy_s
(Arekandrei)
3
Because
public function actionIndex() {
$dataProvider=new CActiveDataProvider('Issue', array(
'criteria'=>array(
'condition'=>'project_id='.$_GET['project_id'],
),
));
is a big hole for sql injections.
mr0no
(Get2sick)
4
This makes a lot more sense now, thank you.
And it really does make things a little cleaner.