I'm using createCommand in Yii Framework and I want to know about use bindValue for the params, Ex:
Yii::app()->db->createCommand()
->update('table', array(
'field'=>'$valuefield',
), 'id_table=:id_table', array(':id_table'=>$id_table));
In this case, the value of $valuefield and $id_table are protected? Or I should create the sql query manually and pass the parameters with bindValue?
Thank you!
In this case, the value of $valuefield and $id_table are protected?
Yes. Method update automaticly binds array's values passed in second param. And also you manualy bind param for condition. To prevent SQL injection always use binding.