Prepared statement with Eloquent ORM / Laravel


Question



I'm new to Laravel and use this as an input query:

    DB::table('user_input')->insert(array(
        array(
            'fname' => Input::get('Name'), 'lname' => 'no', 'email' => Input::get('E-Mail'),
            'date_from' => $from_date, 'date_to' => $to_date, 'phone' => Input::get('Phone'),
            'message' => Input::get('Message'), 'ip_address' => Request::getClientIp(),
            'newsletter' => Input::get('Sign-up'),
        ),
    ));

which I would never do like that in standard PHP, as the query doesn't seem to be prepared and I put user input directly into the above query.

Is there an automatic preparation in Eloquent ORM which I haven't recognized, or how would I write a prepared statement with Eloquent?

Solution

Eloquent does the PDO-style prepared statements behind the scenes to protect against things like SQL injection. Eloquent models also protect against mass assignment by default. An exception will be thrown unless you specifically note the columns of the database that should be guarded or the inverse (the ones that should be fillable).

http://laravel.com/docs/4.2/eloquent#mass-assignment

If you want to dig further in, you can look at the class

/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php

to see how Laravel constructs the queries in Eloquent.
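To make the answer's two points concrete, here is an added example in Laravel 4.2 style; it is not code from the question, the answer or Laravel's own documentation. It assumes the asker's `user_input` table and request fields, a hypothetical `UserInput` model, and goes slightly beyond the thread by showing where the automatic binding stops (raw SQL fragments).

```php
<?php
// Added example (Laravel 4.2 style), not code from the thread. Assumes the
// asker's `user_input` table and request fields and a hypothetical UserInput model.

// 1. Query builder: each value is sent as a PDO binding, never spliced into the SQL text.
$query    = DB::table('user_input')->where('email', Input::get('E-Mail'));
$sql      = $query->toSql();        // with the MySQL grammar: select * from `user_input` where `email` = ?
$bindings = $query->getBindings();  // array( <the raw request value> )

// insert() behaves the same way: the placeholders go in the SQL, the values go in the bindings.
DB::table('user_input')->insert(array(
    'email'      => Input::get('E-Mail'),
    'ip_address' => Request::getClientIp(),
));

// 2. Where the protection stops: raw fragments are passed through as-is, so request
//    data concatenated into them becomes part of the SQL string and is NOT bound.
//    Keep the raw SQL fixed and hand the value over as a binding instead:
$rows = DB::table('user_input')
    ->whereRaw('lower(email) = ?', array(strtolower(Input::get('E-Mail'))))
    ->get();

// 3. Mass assignment: with neither $fillable nor $guarded set, Eloquent throws a
//    MassAssignmentException on create()/fill(). Whitelisting the request-driven
//    columns lets create() work while server-controlled columns are set explicitly.
class UserInput extends Eloquent {
    protected $table    = 'user_input';
    protected $fillable = array('fname', 'lname', 'email', 'phone', 'message', 'newsletter');
}

$record = UserInput::create(Input::only('fname', 'lname', 'email', 'phone', 'message', 'newsletter'));
$record->ip_address = Request::getClientIp();   // not fillable: never taken from the request
$record->save();
```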
