I want to use CDbCriteria's addInCondition() for several input parameters (the number is not predefined). Is the query in this method parameterized? I found a controversial idea on this:
- "Since it uses CDbCriteria, I believe it is safe" - quote.
Apart from this, I have also seen and I have not become clear.
The code for this part:

    $condition = $column . '=' . self::PARAM_PREFIX . self::$paramCount;
    $this->params[self::PARAM_PREFIX . self::$paramCount++] = $value;

Parameterized values seem to be stored.
Then in the query builder, it will use them as numerical criteria.
I do this in the script I created myself; I really doubt that (or whatever) it misses and leaves a code injection.
Besides, have you tested? You can add random SQL and see that it is saved.
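
A stand-alone sketch of the pattern in the snippet above, added here as an illustration and not Yii's own code: one generated placeholder per value, with the values bound separately through PDO. The helper `buildInCondition`, the `users` table and the sample input are constructed for this example, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Added illustration, not Yii's code: a variable-length IN list built from
// generated placeholders, with the values bound separately via PDO.

const PARAM_PREFIX = ':ycp';   // placeholder prefix chosen for this example

/**
 * Build "column IN (:ycp0, :ycp1, ...)" plus the matching params array.
 * $column is concatenated, not bound, so it must come from code and
 * never from user input.
 */
function buildInCondition(string $column, array $values, int &$paramCount): array
{
    if ($values === []) {
        return ['0=1', []];            // an empty list should match nothing
    }
    $placeholders = [];
    $params = [];
    foreach ($values as $value) {
        $name = PARAM_PREFIX . $paramCount++;
        $placeholders[] = $name;
        $params[$name] = $value;       // the value travels apart from the SQL text
    }
    return [$column . ' IN (' . implode(', ', $placeholders) . ')', $params];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Constructed input: the second element is SQL text supplied as a value.
$input = ['alice', "x') OR 1=1 --", 'carol'];

$count = 0;
[$condition, $params] = buildInCondition('name', $input, $count);

$sql = "SELECT name FROM users WHERE $condition ORDER BY id";
$stmt = $pdo->prepare($sql);
$stmt->execute($params);

echo $sql, PHP_EOL;                            // the SQL text handed to prepare()
print_r($params);                              // the values, keyed by placeholder
print_r($stmt->fetchAll(PDO::FETCH_COLUMN));   // rows matched by the bound values
```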