What is the“'condition'=>'project_id=:projectId',”？what is the meaning of “：”？

Question

I don’t know What is the“'condition'=>'project_id=:projectId',”？what is the meaning of “：”？ In another word why we should put the “：” in front of the projectId. the code is as below.

public function actionIndex()
    {
        $dataProvider=new CActiveDataProvider('Issue',array(
            'criteria'=>array(
                'condition'=>'project_id=:projectId',
                'params'=>array(':projectId'=>$this->_project->id),
            ),
        ));

Possible duplicate of [Can PHP PDO Statements accept the table or column name as parameter?](https://stackoverflow.com/questions/182287/can-php-pdo-statements-accept-the-table-or-column-name-as-parameter) — Mike Doe, Dec 06 '18 at 07:40

Virginia · Answer 1 · 2018-12-06T07:36:47.867

1

The way I understand your code snippet, this has to do with escaping query parameters / prepared SQL statements. This prevents SQL injection. In your example, :projectId in condition is another way of saying "Please replace this :projectId with the escaped value of :projectId ($this-_project->id) from params when executing this query".

edited Dec 06 '18 at 07:36

answered Dec 06 '18 at 07:30

Virginia

717
2
6
15

What is the“'condition'=>'project_id=:projectId',”？what is the meaning of “：”？

1 Answers1