使用 Eloquent ORM / laravel 准备好的语句
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/27131856/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
prepared statement with Eloquent ORM / laravel
提问by baao
I'm new to laravel and use this as a input query:
我是 laravel 的新手,并将其用作输入查询:
DB::table('user_input')->insert(array(
array('fname' => Input::get('Name'),'lname' => 'no','email' => Input::get('E-Mail'),'date_from' => $from_date,'date_to' => $to_date,'phone' => Input::get('Phone'),'message' => Input::get('Message'),'ip_address' => Request::getClientIp(), 'newsletter' => Input::get('Sign-up'))
));
which I would never do like that in standard php, as the query doesn't seem to be prepared and I put user input directly into above query.
在标准 php 中我永远不会这样做,因为查询似乎没有准备好,我将用户输入直接放入上面的查询中。
Is there a automatic preparation in Eloquent ORM which I haven't recognized or how would I write a prepared statement with Eloquent?
Eloquent ORM 中是否有我不认识的自动准备,或者我将如何使用 Eloquent 编写准备好的语句?
采纳答案by Chris Schmitz
Eloquent does the PDO style prepared statements behind the scenes to protect against things like sql injection. Eloquent models also protect against mass assignment by default. An exception will be thrown unless you specifically note the columns of the database that should be guarded or the inverse (the ones that should be fillable).
Eloquent 在幕后执行 PDO 风格的准备语句,以防止诸如 sql 注入之类的事情。默认情况下,Eloquent 模型还可以防止质量分配。除非您特别注意应保护的数据库列或相反的列(应可填充的列),否则将引发异常。
http://laravel.com/docs/4.2/eloquent#mass-assignment
http://laravel.com/docs/4.2/eloquent#mass-assignment
If you want to dig further in, you can look at the class
如果你想进一步挖掘,你可以看一下类
/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php`
to see how laravel constructs the queries in Eloquent.
查看 laravel 如何在 Eloquent 中构建查询。
