Problem description
I'm new to Laravel and use this as an input query:
DB::table('user_input')->insert(array(
    array(
        'fname' => Input::get('Name'),
        'lname' => 'no',
        'email' => Input::get('E-Mail'),
        'date_from' => $from_date,
        'date_to' => $to_date,
        'phone' => Input::get('Phone'),
        'message' => Input::get('Message'),
        'ip_address' => Request::getClientIp(),
        'newsletter' => Input::get('Sign-up')
    )
));
which I would never do like that in standard PHP, as the query doesn't seem to be prepared and I put user input directly into the above query.
Is there an automatic preparation in Eloquent ORM which I haven't recognized, or how would I write a prepared statement with Eloquent?
Recommended answer
Eloquent does the PDO style prepared statements behind the scenes to protect against things like SQL injection. Eloquent models also protect against mass assignment by default. An exception will be thrown unless you specifically note the columns of the database that should be guarded or the inverse (the ones that should be fillable).
http://laravel.com/docs/4.2/eloquent#mass-assignment
If you want to dig deeper, you can look at the class
/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php
to see how Laravel constructs the queries in Eloquent.
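
What "PDO style prepared statements behind the scenes" amounts to for the insert in the question, as an added example that is not part of the original answer and not Laravel's own code. `compileInsert` is a hypothetical stand-in for the query builder's SQL generation, the three-column table and the input values are constructed, and the script assumes the pdo_sqlite extension.

```php
<?php
// Added illustration: plain PDO on in-memory SQLite, not Laravel's source.
// compileInsert() is a hypothetical helper that mimics the shape of SQL the
// query builder produces: values become "?" placeholders, never SQL text.
function compileInsert(string $table, array $row): array
{
    $columns = array_keys($row);
    // Identifiers cannot be bound, so allow only plain table/column names.
    foreach (array_merge([$table], $columns) as $name) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("Bad identifier: $name");
        }
    }
    $placeholders = implode(', ', array_fill(0, count($columns), '?'));
    $sql = sprintf('insert into "%s" ("%s") values (%s)',
        $table, implode('", "', $columns), $placeholders);
    return [$sql, array_values($row)];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('create table user_input (fname text, email text, message text)');

// Constructed sample input standing in for the Input::get(...) values.
$row = [
    'fname'   => "Robert'); DROP TABLE user_input;--",
    'email'   => 'robert@example.com',
    'message' => "It's a test",
];

[$sql, $bindings] = compileInsert('user_input', $row);
echo $sql, PHP_EOL;          // the SQL text contains no user data

$stmt = $pdo->prepare($sql);
$stmt->execute($bindings);   // values travel separately from the SQL text

// The table still exists and the hostile string was stored verbatim.
$stored = $pdo->query('select fname from user_input')->fetchColumn();
var_dump($stored === $row['fname']);
var_dump((int) $pdo->query('select count(*) from user_input')->fetchColumn());
```

Only values are bound this way. SQL text handed to the builder as a raw expression, for example through DB::raw(), is passed along as SQL, so user input concatenated into it is not covered by the automatic binding.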