Laravel SelectRaw vs DB::Raw
Note: this page is a Chinese-English bilingual translation of a popular StackOverflow question, released under the CC BY-SA 4.0 license. If you use it you must follow the same CC BY-SA terms, cite the original address and author information, and attribute it to the original author (not me): StackOverflow
Original URL: http://stackoverflow.com/questions/34408900/
Laravel SelectRaw vs DB:Raw
Asked by vijaykumar
First:
DB::table('someTable')
->selectRaw('count(*), min(some_field) as someMin, max(another_field) as someMax')
->get();
Second:
DB::table('someTable')->select(
array(
DB::raw('min(some_field) as someMin'),
DB::raw('max(another_field) as someMax'),
DB::raw('COUNT(*) as `count`')
)
)->get();
The above two queries give the same result, but my question is: are there any possible security issues (SQL injection) with these two queries if I use user input directly in where conditions?
Answered by Mina Abadir
As per Laravel's documentation:
Note: The Laravel query builder uses PDO parameter binding to protect your application against SQL injection attacks. There is no need to clean strings being passed as bindings.
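The binding guarantee quoted above covers values passed as bindings, not SQL text you build yourself: the aggregate expressions in both of the question's queries are developer-written and harmless, but a where clause that interpolates user input into selectRaw(), whereRaw() or DB::raw() text is sent to the database verbatim. The following script is an added example (not code from the question, the answer or the Laravel project) that runs the two patterns side by side against a constructed in-memory SQLite table. It assumes the illuminate/database package is installed with Composer; the table name, columns, rows and the attacker-style input string are all constructed for the demonstration.

```php
<?php
// Added example: vulnerable interpolation beside the bound form.
// Assumes illuminate/database is installed via Composer (vendor/autoload.php).
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Database\Capsule\Manager as DB;

// Stand-alone query builder on an in-memory SQLite database (no Laravel app needed).
$capsule = new DB();
$capsule->addConnection(['driver' => 'sqlite', 'database' => ':memory:', 'prefix' => '']);
$capsule->setAsGlobal();

// Constructed sample table and rows.
DB::schema()->create('someTable', function ($table) {
    $table->increments('id');
    $table->integer('some_field');
    $table->integer('another_field');
    $table->string('owner');
});
DB::table('someTable')->insert([
    ['some_field' => 5, 'another_field' => 10, 'owner' => 'alice'],
    ['some_field' => 3, 'another_field' => 20, 'owner' => 'bob'],
]);

// Constructed hostile input: the quote closes the string literal when the
// value is pasted into SQL text instead of being bound.
$userInput = "alice' OR '1'='1";

// UNSAFE: the user value is interpolated into raw SQL. selectRaw()/DB::raw()
// expressions are not the problem here; the interpolated where clause is.
$unsafe = DB::table('someTable')
    ->selectRaw('count(*) as `count`, min(some_field) as someMin, max(another_field) as someMax')
    ->whereRaw("owner = '$userInput'")
    ->first();
// The injected OR matches every row, so $unsafe->count is 2.

// SAFE: where() sends the value as a PDO binding. The raw select expressions
// stay as they are because they contain only developer-written SQL.
$safe = DB::table('someTable')
    ->selectRaw('count(*) as `count`, min(some_field) as someMin, max(another_field) as someMax')
    ->where('owner', '=', $userInput)
    ->first();
// No row has that literal owner, so $safe->count is 0.

// SAFE with raw fragments: whereRaw() (like selectRaw()) accepts a bindings
// array, so a raw clause can still keep user data out of the SQL text.
$safeRaw = DB::table('someTable')
    ->select([
        DB::raw('min(some_field) as someMin'),
        DB::raw('max(another_field) as someMax'),
        DB::raw('COUNT(*) as `count`'),
    ])
    ->whereRaw('owner = ?', [$userInput])
    ->first();

printf("unsafe count=%d  safe count=%d  safeRaw count=%d\n",
    $unsafe->count, $safe->count, $safeRaw->count);
```

The practical rule this illustrates: selectRaw() and DB::raw() are equivalent in risk, and neither is dangerous on its own. What decides injection exposure is whether user-controlled values reach the query as bindings (where(), or the bindings argument of a *Raw() method) or as part of the SQL string.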