使用 Eloquent ORM/laravel 准备好的语句 [英] prepared statement with Eloquent ORM / laravel

问题描述

我是 laravel 的新手，并将其用作输入查询:

I'm new to laravel and use this as a input query:

DB::table('user_input')->insert(array(
                array('fname' => Input::get('Name'),'lname' => 'no','email' => Input::get('E-Mail'),'date_from' => $from_date,'date_to' => $to_date,'phone' => Input::get('Phone'),'message' => Input::get('Message'),'ip_address' => Request::getClientIp(), 'newsletter' => Input::get('Sign-up'))

            ));

在标准 php 中我永远不会这样做，因为查询似乎没有准备好，我将用户输入直接放入上面的查询中.

which I would never do like that in standard php, as the query doesn't seem to be prepared and I put user input directly into above query.

在 Eloquent ORM 中是否有我不认识的自动准备，或者我将如何使用 Eloquent 编写准备好的语句?

Is there a automatic preparation in Eloquent ORM which I haven't recognized or how would I write a prepared statement with Eloquent?

推荐答案

Eloquent 在幕后执行 PDO 样式的准备语句，以防止诸如 sql 注入之类的事情.默认情况下，Eloquent 模型还可以防止质量分配.除非您特别注意应保护的数据库列或相反的列(应可填充的列)，否则将引发异常.

Eloquent does the PDO style prepared statements behind the scenes to protect against things like sql injection. Eloquent models also protect against mass assignment by default. An exception will be thrown unless you specifically note the columns of the database that should be guarded or the inverse (the ones that should be fillable).

http://laravel.com/docs/4.2/eloquent#mass-assignment

想深入了解的可以看类

/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php` 

看看 laravel 如何在 Eloquent 中构建查询.

to see how laravel constructs the queries in Eloquent.

这篇关于使用 Eloquent ORM/laravel 准备好的语句的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！