sql injection prevention

Viking10 · November 12, 2017, 8:53pm

How can i sanitize this:

$expire_criteria = new CDbCriteria;

			&#036;expire_criteria-&gt;addCondition(&quot;name LIKE '%&#036;search%'&quot;);


			&#036;expire_criteria-&gt;addCondition(&quot;approvedStatus = '1'&quot;);


			&#036;products = Products::model()-&gt;find(&#036;expire_criteria);

alirz23 · November 13, 2017, 4:56am


// replace your condition with search condition

$expire_criteria->addCondition("name LIKE '%$search%'");


// like so

$expire_criteria->addSearchCondition("name", $search);