\PDO::ATTR_EMULATE_PREPARES => true Security issue
The option
'options' => [
\PDO::ATTR_EMULATE_PREPARES => true
]
will resolve the issue, However, beside the security issues it generates, it also effect all select queries that you perform on the DB in the way that it force/convert every returned type from the DB to be string instead of the real type (integer/ float)
How does it effect you?
if you have a validation layer above the result of the query, you can't perform something like (
if (is_int($model->id))
) which will return 0 always, because it's string not an integer anymore.