For starters, filtering on write saves you from SQL injection.
Second, reads usually predominate over writes, so it is better to filter when writing.
On the other hand, by filtering the record stored in the database, you lose the original format. And if you change the filter, re-encoding the data will not work.
And one more thing: if a user edits his account, he needs to be given back exactly what he typed. Conclusion: you need to filter partly when writing and partly when displaying, and when editing you should return the original version.
retha.Bode answered on March 19th 20 at 08:47
To do this, Yii has validation rules in which you can specify what type is expected.
The same quote
The framework protects all SQL queries with PDO prepared statements, as long as you do not compose the query yourself by concatenation. No problems with that.
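The points raised in the answers above (type validation on write, bound parameters instead of concatenation, encoding at display time, original text returned for editing), as an added example that is not part of either answer. It uses plain PDO and `filter_var` rather than Yii's own validation rules; the table, the function names and the sample input are hypothetical, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Hypothetical schema; in-memory SQLite stands in for the application's database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profile (id INTEGER PRIMARY KEY, age INTEGER NOT NULL, bio TEXT NOT NULL)');

// Write path: validate the expected type, then store the text exactly as typed.
function saveProfile(PDO $pdo, string $age, string $bio): int
{
    $ageInt = filter_var($age, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 150]]);
    if ($ageInt === false) {
        throw new InvalidArgumentException('age must be an integer between 0 and 150');
    }
    // Values travel as bound parameters and are never concatenated into the SQL text.
    $stmt = $pdo->prepare('INSERT INTO profile (age, bio) VALUES (:age, :bio)');
    $stmt->bindValue(':age', $ageInt, PDO::PARAM_INT);
    $stmt->bindValue(':bio', $bio, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

// Edit path: the stored value is the unmodified original.
function loadBio(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT bio FROM profile WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Display path: encode for the HTML context at output time, not at storage time.
function bioForDisplay(PDO $pdo, int $id): string
{
    return htmlspecialchars(loadBio($pdo, $id), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input containing quotes and markup.
$typed = "O'Brien <b>bold</b> & \"quoted\"";
$id = saveProfile($pdo, '34', $typed);

var_dump(loadBio($pdo, $id) === $typed);  // compares the stored text with what was typed
echo bioForDisplay($pdo, $id), PHP_EOL;   // the same text, HTML-encoded for output

try {
    saveProfile($pdo, '34 years', $typed); // not an integer, so the validation step refuses it
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

When the original text is placed back into an edit form, it still passes through `htmlspecialchars` for the attribute or textarea it is written into; the browser then shows the user the text exactly as typed.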