Hi!
Simple question, with DAO how do you bind the table name, like parameters with bindParam?
Table name is an input from the user, and I want to prevent injection.
Thanks!
Hi!
Simple question, with DAO how do you bind the table name, like parameters with bindParam?
Table name is an input from the user, and I want to prevent injection.
Thanks!
The only right way in this situation is to use "whitelist" or quote table name http://www.yiiframework.com/doc/api/1.1/CDbSchema#quoteTableName.