Yii Framework Forum: Trouble With Cdbcriteria Param Binding - Yii Framework Forum


#1 cacard

Posted 11 December 2012 - 11:57 AM

Hi everyone,

I'm having a heck of a time getting a simple CDbCriteria condition to work.

The following code will provide the results I'm expecting but is open to SQL injection:


$search = $_GET['search'];

$criteria = new CDbCriteria;
$criteria->condition="name LIKE '%$search%'";

$dataProvider=new CActiveDataProvider('Exercises', array(
    'criteria'=>$criteria,
));


What I would like to do is utilize the CDbCriteria params in order to help prevent SQL injection. The code I've been using is below but it doesn't return any results:


$criteria = new CDbCriteria;
$criteria->condition="name LIKE '%:search%'";
$criteria->params=array(':search'=>$search);

$dataProvider=new CActiveDataProvider('Exercises', array(
    'criteria'=>$criteria,
));


I've also tried to set

$criteria->params[':search'] = $search;

but that doesn't work either.

Am I doing something wrong here?

Thanks,

Chris

#2 cacard

Posted 11 December 2012 - 12:01 PM

Found the solution in this thread.

The solution involves putting the '%....%' within the bind param value.
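The fix from post #2, as an added example that is not code from the thread: it uses plain PDO (the layer Yii 1.1 binds CDbCriteria params through) with an in-memory SQLite table so it runs stand-alone. The table rows and the helper names findByPattern and escapeLike are constructed for illustration, and the wildcard escaping in step 3 goes one step beyond what the thread covers.

```php
<?php
// Added example, not code from the thread. Table contents are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE exercises (name TEXT)');
$insert = $pdo->prepare('INSERT INTO exercises (name) VALUES (?)');
$rows = array('Bench Press', 'Leg Press', 'Squat', '50% effort set', 'row with :search in it');
foreach ($rows as $name) {
    $insert->execute(array($name));
}

// Hypothetical helper: run the LIKE query with the whole pattern as a bound value.
function findByPattern(PDO $pdo, $pattern)
{
    // ESCAPE '\' declares backslash as the LIKE escape character (SQLite has no default).
    $stmt = $pdo->prepare("SELECT name FROM exercises WHERE name LIKE :search ESCAPE '\\'");
    $stmt->execute(array(':search' => $pattern));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hypothetical helper: make \, % and _ typed by the user match literally.
function escapeLike($value)
{
    return strtr($value, array('\\' => '\\\\', '%' => '\\%', '_' => '\\_'));
}

$search = 'press'; // stands in for $_GET['search']

// 1. A placeholder inside quotes is not a placeholder: the pattern is the literal
//    text ":search", so only a name containing that text can match.
$literal = $pdo->query("SELECT name FROM exercises WHERE name LIKE '%:search%'");
print_r($literal->fetchAll(PDO::FETCH_COLUMN));

// 2. The thread's fix: wildcards go inside the bound value. Yii equivalent:
//    $criteria->condition = "name LIKE :search"; $criteria->params = array(':search' => "%$search%");
print_r(findByPattern($pdo, '%' . escapeLike($search) . '%'));

// 3. Binding stops injection but not wildcard abuse: compare a raw "%" with an escaped one.
print_r(findByPattern($pdo, '%' . '%' . '%'));
print_r(findByPattern($pdo, '%' . escapeLike('%') . '%'));
```

In Yii 1.1, CDbCriteria::addSearchCondition() builds the same bound LIKE condition and escapes % and _ in the keyword by default.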