Hi,
I’m just wondering what the best practice with Yii is to validate GET attributes that are being used to filter results. If you take a look at my action index controller below, you will see I’m filtering results by the month and year.
    public function actionIndex()
    {
        if(isset($_GET['filter_month']) && isset($_GET['filter_year']))
        {
            $filter_month = $_GET['filter_month'];
            $filter_year = $_GET['filter_year'];
            $dataProvider=new CActiveDataProvider('Log', array(
                'criteria'=>array(
                    'condition'=>"user_id='".Yii::app()->user->id."' AND (YEAR(date)='$filter_year' AND MONTH(date)='$filter_month')",
                ),
            ));
        } else
        {
            $dataProvider=new CActiveDataProvider('Log', array(
                'criteria'=>array(
                    'condition'=>'user_id='.Yii::app()->user->id,
                ),
            ));
        }
        $this->render('index',array(
            'dataProvider'=>$dataProvider,
        ));
    }
So what would be the best way to validate $filter_month and $filter_year to safeguard against XSS etc?
Thanks!
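An added example, not part of the original post: in the action above the two GET values are concatenated into the SQL condition, so one way to handle them in Yii 1.1 is to range-check both as integers and bind them as query parameters. The class name `LogController`, the helper `parseFilter()` and the 1970-2100 year bounds are assumptions made for illustration.

```php
<?php
// Added example for Yii 1.1; names and bounds are illustrative assumptions.
class LogController extends CController
{
    /**
     * Returns array(year, month) as integers, or null when either value is
     * not a plain digit string (arrays, signs, SQL fragments) or is out of range.
     */
    protected function parseFilter($year, $month)
    {
        if (!is_string($year) || !ctype_digit($year)
            || !is_string($month) || !ctype_digit($month)) {
            return null;
        }
        $year = (int)$year;   // "07" is accepted and becomes 7
        $month = (int)$month;
        if ($year < 1970 || $year > 2100 || $month < 1 || $month > 12) {
            return null;
        }
        return array($year, $month);
    }

    public function actionIndex()
    {
        $request = Yii::app()->request;
        $rawYear = $request->getQuery('filter_year');
        $rawMonth = $request->getQuery('filter_month');

        $criteria = new CDbCriteria;
        // Binds user_id as a parameter; a null id yields "user_id IS NULL"
        // rather than silently dropping the condition.
        $criteria->addColumnCondition(array('user_id' => Yii::app()->user->id));

        if ($rawYear !== null && $rawMonth !== null) {
            $filter = $this->parseFilter($rawYear, $rawMonth);
            if ($filter === null) {
                throw new CHttpException(400, 'Invalid month or year filter.');
            }
            // Placeholders keep the request values out of the SQL text.
            $criteria->addCondition('YEAR(date) = :year AND MONTH(date) = :month');
            $criteria->params[':year'] = $filter[0];
            $criteria->params[':month'] = $filter[1];
        }

        $dataProvider = new CActiveDataProvider('Log', array('criteria' => $criteria));
        $this->render('index', array('dataProvider' => $dataProvider));
    }
}
```

If the view echoes the filter values back into the page, encode them there with `CHtml::encode()`.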