Wednesday 11 November 2015

Yii2: Get raw SQL Query from an Activerecord or a query builder

This tutorial shows how to dump the SQL query from an ActiveRecord query, and more.
It can help debug SQL queries in cases where the Yii debugger does not work.

Example:
$listBooks = Books::find()->where('author=2')->all();

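To get the raw SQL query with all parameters included, try:
$query = Books::find()->where('author=2');
echo $query->createCommand()->sql;          // SQL with parameter placeholders left in place
echo $query->createCommand()->getRawSql();  // SQL with bound parameter values inserted (for debugging/logging)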

This works not only with ActiveRecord but also with the query builder.
Reference: http://chris-backhouse.com/Yii2-Output-the-SQL-from-a-query-builder/1027

Monday 22 June 2015

Yii2: Unknown Property Exception after adding column to table

Unknown Property – yii\base\UnknownPropertyException
Getting unknown property: app\models

What should you do when you get a "Getting unknown property" exception right after adding a field to a table in the database?
  1. Check the property name: is it correct?
  2. Clear the cache if you are using one. Yii2 caches the table schema, so if you change the table you need to clear the cache.

Thursday 29 January 2015

Yii2: Validate unique if attribute is not empty

The Yii2 unique validator treats an empty string and null the same way and ignores both. This differs from MySQL, where only null values are ignored in a unique check.
This is not a bug, though: not all database management systems behave like MySQL.

So if you want to validate an attribute only when it is not empty, try the following rules:

['phone', 'filter', 'filter' => 'trim'], //trim string
['phone', 'default'], //set null if empty string
['phone', 'unique'],

Reference:
http://www.yiiframework.com/doc-2.0/guide-tutorial-core-validators.html

Tuesday 27 January 2015

Yii2: Using csrf token

First, if you do not know what a CSRF token is and why we should use it, please refer to the following link:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

One of the new features of Yii2 is that CSRF validation is enabled by default.
If you use Ajax or a basic form such as the following:

<form action='#' method='POST'>
    ...........
</form>

You will get this error:

Bad Request (#400): Unable to verify your data submission

That is because you did not submit the CSRF token. If you don't care about CSRF, the easiest way is to disable validation in the main config, which turns it off for the whole application:

'components' => [
     'request' => [
          ....
          'enableCsrfValidation'=>false,
      ],
      .....
],

Or in a controller, for that controller's actions only:

public function beforeAction($action) {
    $this->enableCsrfValidation = false;
    return parent::beforeAction($action);
}

To keep CSRF validation enabled for a more secure website, submit the token as follows:

* With a basic form:
- Create the form with yii\widgets\ActiveForm or yii\bootstrap\ActiveForm.
ActiveForm automatically adds the token to the form.

You can use it like this:

<?php $form = ActiveForm::begin(['id' => 'login-form']); ?>
    <?= $form->field($model, 'username') ?>
    <?= $form->field($model, 'password')->passwordInput() ?>
    ....
<?php ActiveForm::end(); ?>

Or

<?php $form = ActiveForm::begin(['id' => 'login-form']); ?>
      <input type='text' name='name'/>
      .........
<?php ActiveForm::end(); ?>

* With a manual form:
You must add the CSRF token to the form manually:

<form action='#' method='POST'>
   <input type="hidden" name="_csrf" value="<?=Yii::$app->request->getCsrfToken()?>" />
   ....
</form>

* With Ajax:
- In the main layout, add csrfMetaTags:
<head>
   .......
   <?= Html::csrfMetaTags() ?>
</head>

- And in the JavaScript Ajax code, add the CSRF parameter like this:

var csrfToken = $('meta[name="csrf-token"]').attr("content");
$.ajax({
    url: 'request',
    type: 'post',
    dataType: 'json',
    data: {param1: param1, _csrf: csrfToken}
});
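
An added example, not part of the original post: the Ajax step above with the field name read from the csrf-param meta tag instead of hard-coded, and the token sent in the X-CSRF-Token header (which Yii2 also accepts) only on same-origin, non-GET requests so it never goes to another site. The helper names (readCsrfMeta, csrfBodyField, withCsrf, makeStubDocument) and the app.example / other.example origins are assumptions for illustration.

```javascript
// Added example, not from the original post. Yii2 skips CSRF validation for
// GET, HEAD and OPTIONS, so only state-changing methods need the token.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Read the tags emitted by Html::csrfMetaTags(). `doc` is `document` in a
// browser; any object with a querySelector() method works offline.
function readCsrfMeta(doc) {
  const param = doc.querySelector('meta[name="csrf-param"]');
  const token = doc.querySelector('meta[name="csrf-token"]');
  if (!param || !token) return null; // tags absent, e.g. validation disabled
  return { param: param.getAttribute('content'), token: token.getAttribute('content') };
}

// Body field for form-style data: the name comes from csrf-param rather than
// a hard-coded "_csrf", so a changed csrfParam setting keeps working.
function csrfBodyField(doc) {
  const csrf = readCsrfMeta(doc);
  return csrf ? { [csrf.param]: csrf.token } : {};
}

// Hypothetical helper: returns request options with the X-CSRF-Token header
// added only for same-origin, state-changing requests.
function withCsrf(doc, pageOrigin, url, options = {}) {
  const method = (options.method || 'GET').toUpperCase();
  const headers = Object.assign({}, options.headers);
  const sameOrigin = new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
  const csrf = readCsrfMeta(doc);
  if (csrf && sameOrigin && !SAFE_METHODS.has(method)) {
    headers['X-CSRF-Token'] = csrf.token;
  }
  return Object.assign({}, options, { method, headers });
}

// Constructed stand-in for `document` so the helpers run outside a browser.
function makeStubDocument(param, token) {
  const tags = { 'meta[name="csrf-param"]': param, 'meta[name="csrf-token"]': token };
  return {
    querySelector(selector) {
      const content = tags[selector];
      return content === undefined ? null : { getAttribute: () => content };
    },
  };
}

// Constructed sample values; in a page, pass `document` and `location.origin`.
const demoDoc = makeStubDocument('_csrf', 'constructed-token-value');
console.log(withCsrf(demoDoc, 'https://app.example', '/book/update', { method: 'post' }).headers);
console.log(withCsrf(demoDoc, 'https://app.example', 'https://other.example/api', { method: 'post' }).headers);
```

With jQuery, the same values fit the call above as `data: Object.assign({param1: param1}, csrfBodyField(document))`.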