- Validate the user input (see below for details).
- Protect (escape) your application output according to context (see below for a few output types, mostly HTML and SQL).
- Test your application in debug mode. Set the constant `YII_DEBUG` to true (by default, it is defined in `index.php`) and put `error_reporting(E_ALL);` alongside it. Then errors and warnings will stop the execution an...
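The first two points, input validation and context-aware output escaping, in a Yii 1.x controller, as an added example that is not part of the original guide; the `SearchForm` and `UserController` names and the `user` table with `name` and `email` columns are assumptions:

```php
<?php
// Added example (not from the Yii guide). Assumes a 'user' table with 'name' and
// 'email' columns; the model and controller names are hypothetical.

class SearchForm extends CFormModel
{
    public $name;

    // Validate the input: reject anything the application does not expect.
    public function rules()
    {
        return array(
            array('name', 'required'),
            array('name', 'length', 'max' => 50),
            // Letters, whitespace, apostrophe and hyphen only, so LIKE wildcards
            // (% and _) can never reach the query through this field.
            array('name', 'match', 'pattern' => '/^[\p{L}\s\'-]+$/u'),
        );
    }
}

class UserController extends CController
{
    public function actionSearch()
    {
        $form = new SearchForm();
        // Massive assignment only fills attributes that have validation rules.
        $form->attributes = isset($_GET['SearchForm']) ? $_GET['SearchForm'] : array();
        if (!$form->validate()) {
            throw new CHttpException(400, 'Invalid search input.');
        }

        // SQL context: bind the value instead of concatenating it into the query.
        $rows = Yii::app()->db->createCommand(
            'SELECT name, email FROM user WHERE name LIKE :pattern'
        )->bindValue(':pattern', '%' . $form->name . '%')->queryAll();

        // HTML context: encode each value at the point of output (CHtml::encode
        // wraps htmlspecialchars with ENT_QUOTES), not when it is stored.
        echo '<ul>';
        foreach ($rows as $row) {
            echo '<li>' . CHtml::encode($row['name'])
                . ' &lt;' . CHtml::encode($row['email']) . '&gt;</li>';
        }
        echo '</ul>';
    }
}
```

The same data would need a different encoder in a JavaScript or URL context; the escaping is chosen by where the value is written, not by where it came from.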