But I have a problem when I want to insert new data:
$model = new Blog;
if (isset($_POST['Blog'])) {
    $model->attributes = $_POST['Blog'];
    $model->save();
}
Is this OK? Because I don't know… Is it safe? Because I am not using addslashes() blabla. When I'm validating, it's not possible to insert a string into an integer type, but what about when it's a string?
It’s not a problem, Yii uses PDO with prepared statements, which escapes everything for you. And if you were using addslashes() instead of mysql_real_escape_string() you were doing it wrong anyway.
CSafeContentBehavior is for XSS, not SQL injection. As long as you use CHtml::encode() for your output this isn’t a problem.
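What the answer describes, as an added example that is not part of the original thread and is not Yii's own code: plain PDO against an in-memory SQLite database (assumes the pdo_sqlite extension), with a hypothetical `blog` table and helper names, and `htmlspecialchars()` standing in for `CHtml::encode()`.

```php
<?php
// Constructed demo: in-memory SQLite stands in for the application's database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blog (id INTEGER PRIMARY KEY, title TEXT NOT NULL)');

// Constructed form input: a quote character plus markup, as a user might submit.
$post = array('Blog' => array('title' => "It's <b>my</b> <script>alert(1)</script> post"));

// The 'before': the value becomes part of the SQL text itself.
function insertConcatenated(PDO $pdo, $title) {
    return $pdo->exec("INSERT INTO blog (title) VALUES ('" . $title . "')");
}

// Prepared statement: the SQL text is fixed, the value travels separately.
function insertPrepared(PDO $pdo, $title) {
    $stmt = $pdo->prepare('INSERT INTO blog (title) VALUES (:title)');
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Output encoding for HTML context (hypothetical helper, not CHtml itself).
function encodeForHtml($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

$title = $post['Blog']['title'];

try {
    insertConcatenated($pdo, $title);
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    // The apostrophe ends the string literal early and the statement no longer parses.
    echo "concatenated: statement broken by user input\n";
}

$id = insertPrepared($pdo, $title);
$read = $pdo->prepare('SELECT title FROM blog WHERE id = :id');
$read->execute(array(':id' => $id));
$stored = $read->fetchColumn();

// The database holds the input byte for byte; nothing was stripped or escaped in storage.
echo 'stored unchanged: ' . ($stored === $title ? 'yes' : 'no') . "\n";

// The markup only becomes inert when it is encoded at output time.
echo 'html output: ' . encodeForHtml($stored) . "\n";
```

The stored value is still the raw string, which is why the output encoding step is needed separately from the prepared statement.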