In the database there are categories and types; each type belongs to a category. Using Gii, I generated a TypeController controller, in which the index method passes all types as a CActiveDataProvider object to a view. Let's say I want to select the types belonging to a certain category. To do this, I add array('criteria'=>array('condition'=>'category_id='.$id)) to the parameters of the CActiveDataProvider object. Is it correct to do this in the criteria, and is there a threat of SQL injection when passing parameters to the CDbCriteria object? Thank you in advance.

    1 answer

    Use CDbCriteria params; then the code will look something like this:

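     // Bind the value through a named placeholder instead of concatenating $id into the condition
     $criteria = array(
         'condition' => 'category_id = :cid',
         'params' => array(':cid' => $id),
     );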
    • I just thought that since Yii requires PDO, there must be such a thing. I just didn't find anything. Thanks - heleg
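
The difference between the two forms at the PDO layer that the comment mentions, as an added example that is not part of the original question or answer. It uses plain PDO with an in-memory SQLite database rather than Yii; the `type` table, its rows, the function names and the request value are constructed for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (needs the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE type (id INTEGER PRIMARY KEY, category_id INTEGER, name TEXT)');
$pdo->exec("INSERT INTO type (category_id, name) VALUES (1, 'a'), (1, 'b'), (2, 'c')");

// Concatenated condition, as in the question: the request value becomes part
// of the SQL text, so anything it contains is parsed as SQL.
function typesConcatenated(PDO $pdo, $id)
{
    $sql = 'SELECT name FROM type WHERE category_id=' . $id;
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Bound parameter, as in the answer: the SQL text is fixed at prepare time and
// the request value is sent separately, so it can only ever be compared as data.
function typesBound(PDO $pdo, $id)
{
    $stmt = $pdo->prepare('SELECT name FROM type WHERE category_id = :cid');
    $stmt->bindValue(':cid', $id);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Stricter variant: reject anything that is not an integer before it reaches
// the query, then bind it with an explicit integer type.
function typesValidated(PDO $pdo, $id)
{
    $cid = filter_var($id, FILTER_VALIDATE_INT);
    if ($cid === false) {
        throw new InvalidArgumentException('category id must be an integer');
    }
    $stmt = $pdo->prepare('SELECT name FROM type WHERE category_id = :cid');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$untrusted = '1 OR 1=1'; // constructed request value that is not a plain integer

echo 'concatenated: ', count(typesConcatenated($pdo, $untrusted)), " rows\n";
echo 'bound:        ', count(typesBound($pdo, $untrusted)), " rows\n";
try {
    typesValidated($pdo, $untrusted);
} catch (InvalidArgumentException $e) {
    echo 'validated:    rejected (', $e->getMessage(), ")\n";
}
```

Comparing the first two row counts shows whether the value changed the query's logic or was only compared against `category_id`; the third call shows input validation layered on top of binding.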