SQL injection prevention in Laravel


Question

I am new to Laravel and I am learning it.

What do we do in Laravel to prevent SQL injection? What is dependency injection and what do we do to prevent that?

Thanks in advance.

Recommended answer

If you use Eloquent throughout, as a general rule of thumb SQL injection won't be an issue, with one proviso.

There are Eloquent methods that enable part of a query to be written out as raw SQL, such as whereRaw() and selectRaw(). If you use these and pass the query as a string with the values included as is, you are vulnerable to SQL injection, as in this example:

whereRaw("name = '$name'")

However, these methods allow you to use prepared statements by passing as the second argument an array of values:

whereRaw("name = ?", [$name])

By doing that, you should be safe from SQL injection.

Dependency injection is an entirely separate subject and I'd echo aimme in pointing you to the Laravel documentation to learn more.
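
The difference between the two whereRaw() forms in the answer above, shown as an added example (not code from the answer or from Laravel). It uses plain PDO, which Laravel's query builder runs on, with an in-memory SQLite database; it assumes the pdo_sqlite extension is available, and the table, rows, inputs and function names are constructed for illustration.

```php
<?php
// Added example: plain PDO with in-memory SQLite stands in for Laravel's
// database layer. Table, rows, inputs and function names are constructed.

function makeDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");
    return $pdo;
}

// Same shape as whereRaw("name = '$name'"): the value becomes part of the SQL text.
function findInterpolated(PDO $pdo, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Same shape as whereRaw("name = ?", [$name]): the SQL text is fixed and
// the value travels separately as a bound parameter.
function findBound(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = makeDb();
// A normal value, a value that rewrites the WHERE clause, and a legitimate
// name containing a quote.
$inputs = ['alice', "x' OR '1'='1", "O'Brien"];
foreach ($inputs as $name) {
    echo "input: $name\n";
    try {
        echo '  interpolated: ' . json_encode(findInterpolated($pdo, $name)) . "\n";
    } catch (PDOException $e) {
        // The quote inside the value broke the statement's syntax.
        echo "  interpolated: SQL error\n";
    }
    echo '  bound:        ' . json_encode(findBound($pdo, $name)) . "\n";
}
```

With the interpolated form the second input changes which rows match and the third fails to parse; with the bound form both are compared as literal names and match nothing.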
