Hello there,
I’ve built my own CMS in PHP but it was hacked last night.
If I move to a framework like Yii, am I safe then? Or should I also build my own security in there with login systems etc. (my weak point unfortunately).
Copy/paste from Yii features
But how secure your CMS will be really depends on your coding… as much as Yii takes care of some security… you can still use
$select="select username,password from users where username='".$_POST['user']."' and password='".$_POST['pass']."'";
and that we all know is a bad practice…
Yii will help you make your code safer but it won’t save you from your own mistakes. Always validate input, cast variable types from $_GET/$_POST and read the PHP Security Guide.
Yii was built by a bunch of people who know what they’re doing so you’ll be better off with Yii than on your own (probably).
There are a lot of security mechanisms in Yii. See the Security docs chapter.
A better way is to bind parameters to the select command… even better is to check the $_POST values…
If you have read the Definitive Guide to Yii you will have already noticed that $_POST is not used directly anywhere… so you just need to follow the Yii usages…
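The advice above (check the $_POST values, then bind parameters instead of concatenating) as an added example; it is not code from the thread or from Yii. It uses plain PDO with an in-memory SQLite database, and the `users` schema, the `login()` helper and the sample requests are constructed for illustration. It goes one step beyond the thread by storing a password hash and verifying it in PHP rather than comparing passwords in the WHERE clause.

```php
<?php
// Constructed schema and data; requires the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
$ins->execute([':u' => "O'Brien", ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hypothetical helper: returns the username on success, null otherwise.
function login(PDO $db, array $post): ?string
{
    $user = $post['user'] ?? null;
    $pass = $post['pass'] ?? null;
    // Check the request values first: both must be strings of sane length
    // (a field sent as user[]=x arrives as an array, not a string).
    if (!is_string($user) || !is_string($pass)
        || $user === '' || strlen($user) > 64 || strlen($pass) > 1024) {
        return null;
    }
    // Bound parameter: the value travels as data and is never parsed as SQL.
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = :u');
    $stmt->bindValue(':u', $user, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify against the stored hash in PHP instead of matching in SQL.
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    return $row['username'];
}

// Constructed requests: valid login, wrong password, array instead of string.
var_dump(login($db, ['user' => "O'Brien", 'pass' => 'correct horse']));
var_dump(login($db, ['user' => "O'Brien", 'pass' => 'wrong']));
var_dump(login($db, ['user' => ['x'], 'pass' => 'y']));

// The concatenated form from the thread, for contrast: the apostrophe in the
// same username ends the string literal, so the input becomes part of the
// statement text and the database rejects it as malformed SQL.
try {
    $db->query("select username from users where username='" . "O'Brien" . "'");
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}
```

Yii's own database layer is built on PDO, so the same placeholders apply there: pass values through parameter binding and keep user input out of the SQL string.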