codeigniter活动记录,什么时候可以转义,如果有的话 [英] codeigniter active record, when to escape, if at all
问题描述
我最近才开始使用活动记录(在我之前习惯使用手动记录之前,我就一直在使用它们).
I just recently started using active record (before I just wrote manual queries since I was so used to them).
我正在查看ion_auth的代码,我发现即使使用了活动记录,在某些地方字符串也已被转义,
I was looking at the code of ion_auth and I saw that in a few places the strings had been escaped even though active record was used,
即
->where($this->identity_column, $this->db->escape_str($identity))
->where($this->tables['groups'].'.name', $this->db->escape_str($group))
事实是,我没有在使用过活动记录的任何地方转义,因为在文档中它说活动记录会自动转义字符串.
Thing is, I havent escaped anywhere where I have used active record since on the documentation it said active record escapes strings automatically.
我的问题是,使用活动记录时,在某些情况下应该转义字符串吗?
My question, when using active record, are there some situations when you should escape strings?
推荐答案
来自Codeigniter用户指南:
From the Codeigniter User Guide:
除了简单之外,使用活动记录的主要好处 它允许您创建独立于数据库的应用程序, 因为查询语法是由每个数据库适配器生成的. 它也 允许更安全的查询,因为这些值会自动转义 通过系统.
Beyond simplicity, a major benefit to using the Active Record features is that it allows you to create database independent applications, since the query syntax is generated by each database adapter. It also allows for safer queries, since the values are escaped automatically by the system.
ion_auth的创建者可能有转义字符串的特殊原因,但是,如果您使用的是Active Record,则Codeigniter会自动转义查询.
The creator of ion_auth may have had a particular reason for escaping the string, but if you are using Active Record, Codeigniter escapes the queries automatically.
但是有些查询看起来像是Active Record,需要进行转义. 这里是它们的列表,同样来自《 Codeigniter用户指南》.
But there are queries that "look" like they might be Active Record, which need to be escaped. Here's a list of them, again from the Codeigniter User Guide.
这篇关于codeigniter活动记录,什么时候可以转义,如果有的话的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
