Yii Framework Forum: sql injection prevention - Yii Framework Forum

sql injection prevention: How can I avoid sql injection

#1 Ragnar 10

  • Newbie
  • Yii
  • Group: Members
  • Posts: 1
  • Joined: 12-November 17

Posted 12 November 2017 - 03:53 PM

How can I sanitize this:

$expire_criteria = new CDbCriteria;
$expire_criteria->addCondition("name LIKE '%$search%'");
$expire_criteria->addCondition("approvedStatus = '1'");
$products = Products::model()->find($expire_criteria);
0

#2 alrazi

  • Elite Member
  • Yii
  • Group: Moderators
  • Posts: 1,495
  • Joined: 08-August 12
  • Location:Durban, South Africa

Posted 12 November 2017 - 11:56 PM

// replace your condition with search condition
$expire_criteria->addCondition("name LIKE '%$search%'");

// like so
$expire_criteria->addSearchCondition("name", $search);

1
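
What the switch to addSearchCondition() in post #2 changes, shown with plain PDO and an in-memory SQLite table in place of Yii (an added example, not code from either poster or from the framework). The table rows, function names and search strings are constructed; the wildcard escaping mirrors what addSearchCondition() does by default, and the ESCAPE clause is an assumption needed because SQLite has no default LIKE escape character.

```php
<?php
// Added example: PDO + in-memory SQLite stand in for Yii's DB layer.
// Rows, function names and search strings are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (name TEXT, approvedStatus TEXT)");
$db->exec("INSERT INTO products VALUES
    ('red lamp', '1'), ('100% wool', '1'), ('hidden draft', '0')");

// Unsafe: mirrors the SQL that addCondition("name LIKE '%$search%'") builds.
// A quote in $search ends the string literal and the rest is parsed as SQL.
function searchUnsafe(PDO $db, string $search): array
{
    $sql = "SELECT name FROM products
            WHERE (name LIKE '%$search%') AND (approvedStatus = '1')";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the term travels as a bound parameter, never as SQL text.
// %, _ and \ inside it are escaped so they match literally instead of
// acting as LIKE wildcards.
function searchSafe(PDO $db, string $search): array
{
    $keyword = '%' . strtr($search, ['%' => '\%', '_' => '\_', '\\' => '\\\\']) . '%';
    $stmt = $db->prepare("SELECT name FROM products
            WHERE (name LIKE :kw ESCAPE '\\') AND (approvedStatus = :st)");
    $stmt->execute([':kw' => $keyword, ':st' => '1']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: an ordinary term, a bare wildcard, and a term that
// closes the quote and comments out the approvedStatus filter.
foreach (["lamp", "%", "%') OR 1=1 --"] as $term) {
    printf(
        "%-18s unsafe=%s safe=%s\n",
        json_encode($term),
        json_encode(searchUnsafe($db, $term)),
        json_encode(searchSafe($db, $term))
    );
}
```

In the Yii code from the thread, the `approvedStatus = '1'` condition carries no user input, so only the `name` condition needed to change.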
