Just started using yii and was reading through http://www.yiiframework.com/doc/guide/database.dao but I wasnt too sure if I need to escape my sql statements. If so how do I get around the issue of needing a link identifier when I sue mysql_real_escape?
AR and DAO auto escape all bound parameters for you (or more precisely PDO does that). So just make sure you always use parameter binding for any data coming from the outside.