This article is called an extended guide because there is already a security guide in the security section of the Yii tutorial. That guide is incomplete, however, in that it does not draw developers' attention to some other common attacks: SQL injection and magic URLs, which can become major vulnerabilities in your application if you do not take care.
To extend the functionality of your web application to meet your requirements, you are supposed to use the existing Yii core libraries or external libraries. There are some steps to follow to ensure security, uniqueness, modularity and performance, and to avoid rework in the future.
Sometimes the active form we wish to use to edit or add a new element in our database is too small, and we believe that it is much better to use an AJAX dialog/slide form rather than reloading the page just to display one or two fields.
In this guide I will explain best practices regarding performance in MySQL, PHP and, of course, our beloved Yii Framework. Since this is a complex topic, I will start with some basics and then expand this guide from time to time. Since this wiki can become big, you may click on View history, where you can see what changes have been made, so you don't miss anything.