Preventing SQL injections
SQL injection is a type of code injection that exploits a vulnerability at the database access layer: untrusted input is spliced into the text of an SQL statement, so a malicious user can execute arbitrary SQL and carry out actions such as deleting data or raising their privileges.
In this recipe, we will see examples of vulnerable code and fix them.
Getting ready
Create a new application by using the Composer package manager, as described in the official guide at http://www.yiiframework.com/doc-2.0/guide-start-installation.html.
Execute the following SQL:
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) NOT NULL,
  `password` varchar(32) NOT NULL,
  PRIMARY KEY (`id`)
);
INSERT INTO `user`(`id`,`username`,`password`) VALUES ('1','Alex','202cb962ac59075b964b07152d234b70');
INSERT INTO `user`(`id`,`username`,`password`) VALUES ('2','Qiang','202cb962ac59075b964b07152d234b70');
Generate a User model using Gii.
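The following is an added illustration of the defect this recipe is about, not the recipe's own PHP code: a lookup against a copy of the `user` table above, written once with the username spliced into the SQL text and once with bound parameters. It uses Python's built-in sqlite3 module so it runs offline; the two rows are constructed to match the INSERT statements in the "Getting ready" section, and the `find_user_*` function names and the `demo()` driver are assumptions of this example.

```python
import sqlite3

# Constructed sample data: the same two rows the recipe's `user` table holds
# (the password column stores the MD5 hex digest shown on the page).
ROWS = [
    (1, "Alex", "202cb962ac59075b964b07152d234b70"),
    (2, "Qiang", "202cb962ac59075b964b07152d234b70"),
]


def make_db():
    """Build an in-memory SQLite copy of the recipe's `user` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT NOT NULL, "
        "password TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO user VALUES (?, ?, ?)", ROWS)
    return conn


def find_user_vulnerable(conn, username, password_hash):
    """Vulnerable: the caller's strings become part of the SQL text, so a
    quote character in the input changes the structure of the statement."""
    sql = (
        "SELECT id, username FROM user WHERE username = '%s' AND password = '%s'"
        % (username, password_hash)
    )
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username, password_hash):
    """Fixed: the SQL text is constant and the values travel as bound
    parameters, which the driver never interprets as SQL."""
    sql = "SELECT id, username FROM user WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password_hash)).fetchall()


def demo():
    """Run both lookups with a valid credential pair and with a username that
    carries a quote and a comment marker, and return the four result sets."""
    conn = make_db()
    good = ("Alex", "202cb962ac59075b964b07152d234b70")
    # In the vulnerable version this input closes the string literal and
    # comments out the rest of the WHERE clause, so the password check is
    # never evaluated; the safe version compares it as a literal username.
    hostile = ("Alex' --", "not-the-hash")
    return {
        "vulnerable_good": find_user_vulnerable(conn, *good),
        "vulnerable_hostile": find_user_vulnerable(conn, *hostile),
        "safe_good": find_user_safe(conn, *good),
        "safe_hostile": find_user_safe(conn, *hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The difference worth remembering is not the database driver but where the boundary between code and data sits: in the first function the boundary is drawn by whatever quotes happen to be in the input, in the second it is drawn by the driver. In Yii 2 the same fix is to keep the SQL text fixed and pass values as parameters (placeholders in `createCommand()` bound with `bindValue()`, or hash conditions such as `['username' => $username]` in the query builder), which is what the rest of this recipe walks through.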
How to do it...
First, we will implement...