通过 GET 方式获取参数时防止 SQL 注入（示例请求：localhost/index.php?r=home/index&id=1;drop%20table%20user;--）
namespace app\controller;
use app\models\User;
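/**
 * Looks up a user by the `id` query parameter and renders the index view.
 *
 * The id is bound as a named parameter, so the SQL text never contains the
 * raw request value. Before binding, the value is checked to be a single
 * integer-like scalar: an array (`id[]=1`) or a non-numeric string would
 * otherwise reach the driver and fail with an opaque binding error.
 *
 * @return string rendered view
 * @throws \yii\web\BadRequestHttpException when `id` is missing, non-scalar or not an integer
 */
public function actionIndex(): string
{
    $request = \Yii::$app->request;
    $id = $request->get('id');
    // Validate at the boundary; FILTER_VALIDATE_INT rejects "1;drop table user;--" outright.
    if (!is_scalar($id) || filter_var($id, FILTER_VALIDATE_INT) === false) {
        throw new \yii\web\BadRequestHttpException('Invalid id');
    }
    $sql = 'select * from user where id=:id';
    // Parameter binding keeps the value out of the SQL text; the cast makes the bound type explicit.
    $res = User::findBySql($sql, [':id' => (int) $id])->all();
    // Hand the rows to the view instead of discarding the query result.
    return $this->render('index', ['users' => $res]);
}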
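// Same lookup through the DAO layer. Inside `namespace app\controller` the
// class must be written as `\Yii`; bare `Yii` would resolve to app\controller\Yii.
$id = \Yii::$app->request->get('id');
// Reject arrays and non-integer strings before the value is bound.
if (!is_scalar($id) || filter_var($id, FILTER_VALIDATE_INT) === false) {
    throw new \yii\web\BadRequestHttpException('Invalid id');
}
// bindValue() sends the values separately from the SQL text; queryOne() returns
// the first row as an array, or false when nothing matched.
$query = \Yii::$app->db->createCommand('select * from users where id=:id AND state=:state')
    ->bindValue(':id', (int) $id)
    ->bindValue(':state', 1)
    ->queryOne();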