Yii: Is this the right way to work with models, security issues?

A

Almik Oh! Give me a guitar2015-04-22 10:30:19

Yii

Almik Oh! Give me a guitar, 2015-04-22 10:30:19

Hello!
There is an application which saves the entered data of the user in a DB.
Code example

$newVisit = new MYMODEL();
      $newVisit->SERVICEID = $serviceId;
      $newVisit->VISITEDDATE = new CDbExpression('sysdate');
      $newVisit->NAME = $_POST['name'];
      $newVisit->COST = $_POST['amount'];
      $newVisit->TERM = $_POST['term'];
      $newVisit->USERID = $_POST['uid'];
      $newVisit->save();

The question is, is this save method safe, or is it better to work directly with PDO?
If my question seems trivial to you, I'm sorry to understand, I'm not special in this matter.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

R

Roman Frank, 2015-04-22
@Akellacom

Certainly safe, especially since the model has validation rules.

S

Sergey, 2015-04-22
@butteff

If you write rules () in the model to validate the received data, then in theory there should be no other data there, only those that have passed validation. Therefore, it is quite safe, but depends on your prescribed rules.

A

Artem, 2015-04-22
@peakweb

Why not $model->load(Yii::$app()-request->post())?