Sometimes the active form we wish to use to edit/add a new element in our database is too small, and we believe that it is much better to use an AJAX'ed dialog/slide form rather than reloading the page just to display one or two fields.
This article is called an extended guide because there is already a security guide in the security section of the Yii tutorial. That guide is not complete, however, in the sense that it does not draw developers' attention to some other common attacks: SQL injection and magic URLs, which can be major vulnerabilities in your application if you do not take care.
Countries sometimes change their laws pertaining to timezones and daylight saving time. This means that GMT+2 can be a different time this August compared to last August! However, by using PHP's DateTime class (instead of timestamps), we can do both "format" and "timezone" conversions on a single DateTime object (only 2 lines of code) for date, time, timestamp and datetime types, while PHP takes care of nightmares such as current and historical timezones and daylight saving time.
I've seen a lot of people struggling to find a way to hide the script name when installing their Yii application. In an Apache environment everything is well documented in this wiki article, but for those who are running their app on a Windows Server machine there are no hints.