Merge pull request #6519 from pana1990/patch-1

docs/guide/security-best-practices.md

 Security best practices
 =======================
 
-Below we'll review common security principles and describe how to avoid threats when developing applications using Yii. 
+Below we'll review common security principles and describe how to avoid threats when developing applications using Yii.
 
 Basic principles
 ----------------
@@ -56,7 +56,7 @@ SELECT * FROM user WHERE username = ''; DROP TABLE user; --'
 This is valid query that will search for users with empty username and then will drop `user` table most probably
 resulting in broken website and data loss (you've set up regular backups, right?).
 
-In Yii most of database querying happens via [Active Record](db-active-record.md) which properly uses PDO perpared
+In Yii most of database querying happens via [Active Record](db-active-record.md) which properly uses PDO prepared
 statements internally. In case of prepared statements it's not possible to manipulate query as was demonstrated above.
 
 Still, sometimes you need [raw queries](db-dao.md) or [query builder](db-query-builder.md). In this case you should use
@@ -69,7 +69,7 @@ $userIDs = (new Query())
     ->from('user')
     ->where('status=:status', [':status' => $status])
     ->all();
-    
+
 // DAO
 $userIDs = $connection
     ->createCommand('SELECT id FROM user where status=:status')
@@ -138,7 +138,7 @@ Avoiding debug info and tools at production
 In debug mode Yii shows quite verbose errors which are certainly helpful for development. The thing is that these
 verbose errors are handy for attacker as well since these could reveal database structure, configuration values and
 parts of your code. Never run production applications with `YII_DEBUG` set to `true` in your `index.php`.
- 
+
 You should never enalble Gii at production. It could be used to get information about database structure, code and to
 simply rewrite code with what's generated by Gii.