working with CDbCriteria in a safe way

Yii 1.1 General Discussion
1

I have a question about CDbCriteria public methods. Which of the below lines are safe?Has Yii 1.1.x a built-in validation for these public method of CDbCriteria that we don’t need to validate user $_GET parameter?


addBetweenCondition($column, $_GET[‘test1’], $_GET[‘test2’],$operator='AND');//is safe?

addColumnCondition($columns,$columnOperator='AND',$operator='AND'); //is safe?

addCondition($condition=”…value=$_GET[‘test1’]…”,$operator='AND'); //is safe?

addInCondition($column, $_GET[‘test1’],$operator='AND'); //is safe?

addSearchCondition($column, $_GET[‘test1’],$escape=true,$operator='AND',$like='LIKE'); //is safe?

compare($column, $_GET[‘test1’], $partialMatch=false, $operator='AND', $escape=true); //is safe?

Thanks

2

If you’re using values it’s safe because it’s then converted to PDO prepared statements and values are bound. If it’s table names or you’re concatenating condition strings, you’re not safe.

3

Thanks a lot