雄辩的ORM(laravel 5)是否处理​​SQL注入? [英] Does Eloquent ORM(laravel 5) take care of SQL injection?

问题描述

我无法在线找到它，但是Eloquent ORM是否像PDO准备好的语句那样处理SQL注入?

I couldn't find it online, but does Eloquent ORM take care of SQL injection like PDO prepared statements do?

推荐答案

根据您的问题，所有雄辩的查询都会得到处理 SQL注入，因为它们在内核中使用PDO驱动程序.那么你 不必担心，但是输入将按原样存储，因此您可以 想要根据您的应用程序需求进行清理(HTML格式， 等)

As per your question all the eloquent queries are taken care of for SQL injection, because they use the PDO driver in core. So you don't have to worry, but the input are stored as they are so you might want to sanitize as per your application's needs (HTML formatting, etc.)

这篇关于雄辩的ORM(laravel 5)是否处理​​SQL注入?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！