Is SQL injection or hacking possible in the Yii web application?

Question

I am new in Yii. I want to know is SQL injection or any hacking possible in the Yii web application? If possible how to avoid that problem?

Answer 1

Yes. The saying "Security is insecurity." is a big issue in web security.

Everything is hack-able, but it depends on the security of system & performance of the device trying to hack. If the hacker trying to hack a website by a Normal PC may takes Millions of year, but using a Quantum Computer may break within a second.

In case of web application build from Yii PHP Framework, it may also be hack-able. Some how this framework provides strong security measures.

Answer 2

Yes. Any "hacking" is possible in any web application.

Because no software makes an application safe, but a programmer. Yii is only a tool, but how to use it is entirely up to one who uses it.

So, you have to learn how to use Yii and technology and security basics in general. Without such education that cannot be done by means of asking and answering just one question, one cannot create a safe application.

To make this answer not entirely off topic, as long as you're using Yii ActiveRecord, you can consider your code SQL injection safe, because AR takes the trouble of creating SQL queries for you.

Answer 3

Yeah. It depends to the programmer how he/she use the code, If executed correctly.. Try to read the document of Yii, they show it how to use the code properly and to make it anti sql injection.