Find and fix SQL injection points in the Yii version Part 3
completed by: Daniel Klischies
mentors: Carsten Schmitz (c_schmitz), Diogo Gonçalves (dionet), Shubham Sachdeva, Pieter-Jan Speelmans (MrP001)
Walk the complete application sources (models, controllers, helpers etc. except for external libraries) and look out for old style queries which have their parameters added by string concatenation or other unsafe ways.
Change these to use the Yii bindParams feature and if possible move the query to the query to the model and use active record to proof it against SQL injection.