I'm dealing with a Yii 1.1 app.
Part of the search method uses CDbCriteria
and raw SQL.
I was wondering how I can still use the raw SQL code and make it more secure against SQL injection?
Here is a code example:
if (!empty($this->textToSearch)) {
    // The search text is interpolated directly into the SQL string here.
    $text_condition = <<<EOC
(
topic LIKE "%{$this->textToSearch}%" OR
main LIKE "%{$this->textToSearch}%"
)
EOC;
    $criteria->addCondition($text_condition);
}
Any suggestions?
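
One way to keep the raw SQL while binding the search text as parameters, as an added example that is not part of the original post. The helper name `addTextSearchCondition` and the placeholders `:textTopic` and `:textMain` are hypothetical; the code assumes it runs inside a Yii 1.1 app (where `CDbCriteria` is autoloaded) and that the database uses backslash as the LIKE escape character, as MySQL does by default.

```php
<?php
// Added example (not the asker's code). Assumes a Yii 1.1 application,
// so CDbCriteria is provided by the framework's autoloader.

/**
 * Hypothetical helper: appends the raw-SQL text filter from the question to
 * $criteria, passing the search text as bound parameters instead of
 * interpolating it into the SQL string.
 */
function addTextSearchCondition(CDbCriteria $criteria, $textToSearch)
{
    if (empty($textToSearch)) {
        return $criteria;
    }

    // Escape LIKE wildcards so a user-typed % or _ matches literally.
    // This is the same mapping CDbCriteria::addSearchCondition() applies.
    // Assumption: backslash is the LIKE escape character (MySQL default).
    $escaped = strtr($textToSearch, array('%' => '\%', '_' => '\_', '\\' => '\\\\'));
    $pattern = '%' . $escaped . '%';

    // The SQL text contains only placeholders, never the user input.
    // Two distinct placeholder names are used because reusing one named
    // placeholder twice fails when PDO prepare emulation is turned off.
    $textCondition = <<<EOC
(
    topic LIKE :textTopic OR
    main LIKE :textMain
)
EOC;

    $criteria->addCondition($textCondition);        // joined with AND by default
    $criteria->params[':textTopic'] = $pattern;     // bound when the query runs
    $criteria->params[':textMain']  = $pattern;

    return $criteria;
}

// Inside the model's search method this would replace the original block:
//     addTextSearchCondition($criteria, $this->textToSearch);
```

The values in `$criteria->params` are bound when the criteria is executed (for example through `CActiveDataProvider` or `findAll($criteria)`), so quote characters in the search text cannot alter the structure of the query.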