php Laravel 删除查询生成器
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22722959/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel Delete Query Builder
提问by castt
In Laravel 4 Illuminate\Database\Queryin a Builderclass deletefunction accepts nullas an idparameter. And behaivor of this function implies that if I have something like:
在 Laravel 4Illuminate\Database\Query中,Builder类delete函数接受null作为id参数。这个函数的行为意味着,如果我有类似的东西:
DB::table('users')->where('id', $id)->delete();
And if $idwill be passed as a null, it will truncate the whole table. Which means that besides standard validation, I have to wrap every delete statement with ! is_null($id)validation. Is it a security breach or it's considered as a standard practice?
如果$id将作为 a 传递null,它将截断整个表。这意味着除了标准验证之外,我必须用! is_null($id)验证包装每个删除语句。这是安全漏洞还是被视为标准做法?
回答by Jason Lewis
I think you're misunderstanding what that parameters purpose is. It's simply a shortcutfor the example you have shown. If you have a users ID you can delete them without writing that whereclause.
我认为您误解了该参数的目的是什么。这只是您显示的示例的快捷方式。如果您有用户 ID,则无需编写该where子句即可将其删除。
DB::table('users')->delete($id);
The above is identical to this:
以上与此相同:
DB::table('users')->where('id', $id)->delete();
You'd obviously perform a check prior to using any of these methods to ensure that a valid ID has been supplied. I wouldn't say it's a security breach, just something you as a developer needs to be aware of when developing your application. You don't just go willy nilly deleting things without first validating the input.
在使用任何这些方法之前,您显然会执行检查以确保提供了有效的 ID。我不会说这是安全漏洞,只是作为开发人员在开发应用程序时需要注意的事情。你不会在没有首先验证输入的情况下随意删除东西。
