- Validate the user input (see below for details).
- Protect (escape) your application output according to context (see below for a few output types, mostly HTML and SQL).
- Test your application in debug mode.
Set the constant `YII_DEBUG` to true (by default, it is defined in `index.php`) and put `error_reporting(E_ALL);` alongside it. Then errors and warnings will stop the execution an...
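As an added example (not code from the original page or from the framework it describes), a plain-PHP front-controller fragment that applies the three points above. `YII_DEBUG` and `error_reporting(E_ALL)` come from the text; the warning-to-exception handler, the `validateComment`/`renderComment`/`storeComment` functions and the in-memory SQLite connection are assumptions standing in for a framework's own debug handler and query layer.

```php
<?php
// Debug mode as the text describes it: YII_DEBUG is the page's constant,
// the handler below is an assumed stand-in for the framework's own.
defined('YII_DEBUG') or define('YII_DEBUG', true);
error_reporting(E_ALL);

// In debug mode, promote notices and warnings to exceptions so that they
// stop execution instead of being silently logged.
if (YII_DEBUG) {
    set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
        throw new ErrorException($message, 0, $severity, $file, $line);
    });
}

// 1. Validate input: accept only what each field is supposed to contain.
function validateComment(array $input): array
{
    $name = filter_var($input['name'] ?? '', FILTER_VALIDATE_REGEXP,
        ['options' => ['regexp' => '/^[\p{L} .\'-]{1,64}$/u']]);
    $body = trim((string)($input['body'] ?? ''));
    if ($name === false || $body === '' || mb_strlen($body) > 2000) {
        throw new InvalidArgumentException('Invalid comment');
    }
    return ['name' => $name, 'body' => $body];
}

// 2a. Escape for the HTML context at the point of output, not on input.
function renderComment(array $comment): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p><b>' . $e($comment['name']) . '</b>: ' . $e($comment['body']) . '</p>';
}

// 2b. Protect the SQL context by never interpolating values into the
// statement text: bound parameters travel separately from the query.
function storeComment(PDO $db, array $comment): void
{
    $stmt = $db->prepare('INSERT INTO comment (name, body) VALUES (:name, :body)');
    $stmt->execute([':name' => $comment['name'], ':body' => $comment['body']]);
}

// Constructed sample request against an in-memory SQLite database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comment (id INTEGER PRIMARY KEY, name TEXT, body TEXT)');
$comment = validateComment(['name' => "O'Brien", 'body' => '<script>alert(1)</script>']);
storeComment($db, $comment);
echo renderComment($comment), PHP_EOL;
```

The same value is escaped differently for each sink: the apostrophe in the name is entity-encoded for HTML but passed untouched to the database through the bound parameter.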