Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Arman Hovhannisyan2020-07-28 15:27:56
Yii
Arman Hovhannisyan, 2020-07-28 15:27:56

Is this search code safe? Are Sql injections possible?

I want to implement a secure search on Yii2, yii\db\Query with a prepared query is not very suitable since there is a lot of related data and you will need to use join in many places, since after the search I will display a lot of related data. The question is whether such a simple method is safe code below :

if (Yii::$app->request->isPost){
            $search = Yii::$app->request->post('search');
            $search = Html::encode($search);
            $shops = Shop::find()->where(['Like', 'name', $search])->orWhere(['Like', 'address', $search])->all();
}

Here is part of the code

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
M
Maxim, 2020-07-28
@Armrisch

Safe)

Report
M
Michael, 2020-07-29
@Nolan81

This is not necessary:
$search = Html::encode($search);
​​, this is only when outputting to the browser

Similar questions
I
Igor2019-12-10 13:10:34
How to get an archive from windows to debian? 4Reply
G
gitdev2017-09-01 17:26:48
Google maps api searchable by street name, how to implement? 1Reply
G
Guins2017-05-28 18:46:30
Why is the red logo displayed in the NavBar? 1Reply
K
Kurper2019-10-29 11:54:10
How to write one query for two tables? 1Reply
V
Vadim2017-05-29 11:58:16
Yii2 backend access for admin only? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question