Yii
Arman Hovhannisyan, 2020-07-28 15:27:56

Is this search code safe? Are SQL injections possible?

I want to implement a secure search on Yii2. yii\db\Query with a prepared query is not very suitable, since there is a lot of related data and you will need to use join in many places, since after the search I will display a lot of related data. The question is whether such a simple method is safe; the code is below:

if (Yii::$app->request->isPost) {
    $search = Yii::$app->request->post('search');
    $search = Html::encode($search);
    $shops = Shop::find()
        ->where(['like', 'name', $search])
        ->orWhere(['like', 'address', $search])
        ->all();
}

Here is part of the code


2 answer(s)
Maxim, 2020-07-28
@Armrisch

Safe)

Michael, 2020-07-29
@Nolan81

This is not necessary:
$search = Html::encode($search);
This is only when outputting to the browser.
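The two points made in the answers, as an added example that is not part of the thread: a search term sent as a bound LIKE parameter stays data, and HTML-encoding it before the query only changes what is searched for. Plain PDO with in-memory SQLite stands in for the Yii2 query builder here; the `shop` rows, the search terms and the `searchShops()` and `show()` helpers are constructed for illustration.

```php
<?php
// Added example, not from the thread. PDO + in-memory SQLite stands in for the
// Yii2 query builder; rows, terms and searchShops() are constructed/hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shop (name TEXT, address TEXT)');
$db->exec("INSERT INTO shop VALUES
    ('Ben & Jerry''s', '1 Main St'),
    ('100% Cotton',    '2 Oak Ave'),
    ('Corner Shop',    '3 Elm Rd')");

// Escape LIKE wildcards, wrap the term in %...%, and send it as a bound
// parameter, so the term can never become part of the SQL text.
function searchShops(PDO $db, string $term): array
{
    $pattern = '%' . strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']) . '%';
    $stmt = $db->prepare(
        "SELECT name FROM shop
         WHERE name LIKE :q1 ESCAPE '\\' OR address LIKE :q2 ESCAPE '\\'"
    );
    $stmt->execute([':q1' => $pattern, ':q2' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function show(string $label, array $rows): void
{
    echo str_pad($label, 34), json_encode($rows), PHP_EOL;
}

// 1. Injection-style input is matched as literal text; the query shape is fixed.
show('quote + OR 1=1:', searchShops($db, "' OR 1=1 --"));

// 2. A lone wildcard matches only rows that contain a literal percent sign.
show('percent sign:', searchShops($db, '%'));

// 3. Encoding before the query turns "&" into "&amp;", so the search looks for
//    text that is not what was stored. Html::encode() wraps htmlspecialchars().
$term = 'Ben & Jerry';
show('raw term:', searchShops($db, $term));
show('HTML-encoded term:', searchShops($db, htmlspecialchars($term, ENT_QUOTES)));

// 4. Encode where the value meets HTML: when printing results.
foreach (searchShops($db, $term) as $name) {
    echo '<li>', htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), '</li>', PHP_EOL;
}
```

It runs from the PHP CLI with the pdo_sqlite extension enabled.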
