I'm still learning Yii from the blog tutorial and am curious about some code.
At this link
http://www.yiiframework.com/doc/blog/1.1/en/prototype.auth
there is code like this:
```php
<?php
class UserIdentity extends CUserIdentity
{
    // Primary key of the authenticated user, returned by getId()
    private $_id;

    public function authenticate()
    {
        // Compare usernames case-insensitively
        $username=strtolower($this->username);
        $user=User::model()->find('LOWER(username)=?',array($username));
        if($user===null)
            $this->errorCode=self::ERROR_USERNAME_INVALID;
        else if(!$user->validatePassword($this->password))
            $this->errorCode=self::ERROR_PASSWORD_INVALID;
        else
        {
            // Keep the id and the username exactly as stored in the database
            $this->_id=$user->id;
            $this->username=$user->username;
            $this->errorCode=self::ERROR_NONE;
        }
        return $this->errorCode==self::ERROR_NONE;
    }

    public function getId()
    {
        return $this->_id;
    }
}
```
and I'm curious about some code.
`?>` at the end line of the code?
`$user=User::model()->find('LOWER(username)=?',array($username));`
Why use `LOWER(username)=?` and not `LOWER(username)=`? Why is the `?` needed? Is this some query conditional that I don't know yet, maybe?

`?>` is not really needed, according to this link:
The closing tag of a PHP block at the end of a file is optional, and in some cases omitting it is helpful when using include() or require(), so unwanted whitespace will not occur at the end of files, and you will still be able to add headers to the response later. It is also handy if you use output buffering, and would not like to see added unwanted whitespace at the end of the parts generated by the included files.
The `?` is related to SQL syntax, as seen from here. Also, the second answer here says that:
The question mark represents a parameter that will later be replaced. Using parameterized queries is more secure than embedding the parameters right into the query.
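
The difference that quote describes, as an added example that is not part of the original question or answer and is not Yii's own code. It uses plain PDO (which Yii 1.1's database layer is built on) with an in-memory SQLite database; the table, rows and function names are constructed for illustration.

```php
<?php
// Constructed demo data: an in-memory SQLite table standing in for the user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_user (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO tbl_user (username) VALUES ('Demo'), ('Admin')");

// Embedding the value: the input becomes part of the SQL text itself.
function findByConcatenation(PDO $db, $username)
{
    $sql = "SELECT id, username FROM tbl_user WHERE LOWER(username)='"
         . strtolower($username) . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholder: the SQL text is fixed; the value is sent separately and bound to "?".
function findByPlaceholder(PDO $db, $username)
{
    $stmt = $db->prepare('SELECT id, username FROM tbl_user WHERE LOWER(username)=?');
    $stmt->execute(array(strtolower($username)));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs.
$inputs = array(
    'DEMO',           // ordinary login name
    "o'brien",        // legitimate name that contains a quote
    "x' OR '1'='1",   // input that tries to rewrite the WHERE clause
);

foreach ($inputs as $input) {
    try {
        $concat = count(findByConcatenation($db, $input)) . ' row(s)';
    } catch (PDOException $e) {
        // The quote in the input ended the string literal early and broke the statement.
        $concat = 'SQL error';
    }
    $bound = count(findByPlaceholder($db, $input)) . ' row(s)';
    printf("%-14s concatenated: %-10s placeholder: %s\n", $input, $concat, $bound);
}
```

With the placeholder, every input is compared as a plain string against `LOWER(username)`, so a quote in the value can neither break the statement nor change which rows the condition matches.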