It is difficult to answer your query without source code, but still try this:
Try binding the parameters which you pass to the query instead of passing them in directly.
For example:
$query = UserMaster::model()->findAll('email = :email', array(':email' => "[email protected]"));
Here the email id is bound in an array; this will prevent SQL injection to a great extent.
solved Sql injections may be possible