17
votes

Assuming i have

$_POST["x"]["y"] = 5;

how can i

Yii::app()->request->getPost('x[y]');

how can i retrieve the post variable by index ? and is there any yii function that checks for sql injection ? does the getPost do that check ?

Thank you .

5
I am not familiar with yii, but couldnt you do Yii::app()->request->getPost('x')['y']? (Note this only works with 5.4, if < 5.4 you will need to do $x = Yii::app()->request->getPost('x'); $val = $x['y'] - Kris
i don't think sql injection prevention will be performed this way if the function getPost cleans the var from injectors ? - Rami Dabain
Like I said I am not familiar with yii, but I am pretty certain that the getPost function will not prevent sql injection. Looks like the source code for this function is github.com/yiisoft/yii/blob/1.1.12/framework/web/… and it does nothing for sql injection. Read yiiframework.com/wiki/275/how-to-write-secure-yii-applications/… for how to prevent sql injection - Kris

5 Answers

32
votes

I am not familiar with yii, but looking at the source code for the function https://github.com/yiisoft/yii/blob/1.1.12/framework/web/CHttpRequest.php

You would do

$x = Yii::app()->request->getPost('x');
$y = $x['y'];

The getPost function WILL NOT prevent sql injection. Please read http://www.yiiframework.com/wiki/275/how-to-write-secure-yii-applications/#hh11 for more information on securing your yii application

10
votes

Yii2

$x = Yii::$app->request->post('x');
2
votes

With model Test it's look like this

$test = new Test();
$test->attributes = Yii::app()->request->getPost('x');   
$y = $test->getAttribute('y');
-1
votes
> My controller 
>     public function mi(){
>         echo "Hola MI Controlador!";
>         // in login scenario
> 
>         $request = Yii::app()->request->getPost('nombre');
>         print_r($request);
> 
> 
>         //$this->render('index',array('nombre',$post));
>     }