Hi guys,
I have a question regarding MySQL injection, basically how to protect against it.
So I know that before saving a model, prevention is taken against injection by Yii. I have also read somewhere that "prepared statements" also do this out of the box (?).
I have tried using the mysql_real_escape_string function, but get the error complaining about username/password NO. In this case I got the app->db and set the connection to active (and some other options) to get a connection, because I think that is the problem. Got an idea about how to open a db connection to be able to run the function?
And, when using CDbCriteria->params, is it safe regarding injection? Any best practices when it comes to this issue and Yii?
Any thoughts are appreciated.
Ole M
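
Added example, not part of the original post and not Yii's own code: the concatenated query next to the bound-parameter form that prepared statements and CDbCriteria->params rely on (Yii 1.x runs its queries through PDO). The in-memory SQLite table `user`, its rows, the hostile input and the function names findConcatenated/findBound are constructed for illustration, and the `User` model in the comment is hypothetical.

```php
<?php
// Constructed schema and data; requires the pdo_sqlite extension.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec("INSERT INTO user (username) VALUES ('alice'), ('bob')");

// Unsafe: the value becomes part of the SQL text, so quotes in the
// input change the structure of the WHERE clause.
function findConcatenated(PDO $pdo, $username)
{
    $sql = "SELECT username FROM user WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the SQL text is fixed and the value travels as a bound parameter,
// so it is only ever compared as data.
function findBound(PDO $pdo, $username)
{
    $stmt = $pdo->prepare('SELECT username FROM user WHERE username = :username');
    $stmt->execute(array(':username' => $username));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Yii 1.x form of findBound(), assuming a hypothetical User ActiveRecord model:
//   $criteria = new CDbCriteria();
//   $criteria->condition = 'username = :username';
//   $criteria->params = array(':username' => $input);
//   $users = User::model()->findAll($criteria);

$input = "x' OR '1'='1"; // constructed hostile input

echo 'concatenated query matched ', count(findConcatenated($pdo, $input)), " row(s)\n";
echo 'bound query matched ', count(findBound($pdo, $input)), " row(s)\n";
echo 'bound query for alice matched ', count(findBound($pdo, 'alice')), " row(s)\n";
```

Binding protects only the values passed in params: a condition, column name or ORDER BY string that is itself built from user input is still concatenated SQL. Because the values never need manual escaping, this path does not call mysql_real_escape_string at all.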