dtdfj08626 2015-05-21 06:34 采纳率: 0%
浏览 157

YII束插入 - 避免SQL注入

I insert big chunks of data to DB (~ 500) in the loop ( there are nearly 20000 or more records in total):

            $builder = Yii::app()->db->schema->commandBuilder;
            $command = $builder->createMultipleInsertCommand('product_supplier',
                  $dataToDb
            );
            $command->execute();

Using AR one can use validate() method to ensure that data are valid and AFAIK model escapes all dangerous data.

I would like to avoid to be SQL-injected.

Should I escape all data on my own when I use multiple insert or Yii takes care about it ?

Is it good idea to use standard PHP function "mysqli_escape_string " ?

I feel unsure how good it is.

Thanks.

  • 写回答

1条回答 默认 最新

  • dpftppc9674 2015-05-21 16:09
    关注

    The CDbCommand::createMultipleInsertCommand() method uses param binding, so it's safe.

    ActiveRecords also use param binding and there's no extra escaping as it is not required.

    评论

报告相同问题?

悬赏问题

  • ¥15 基于卷积神经网络的声纹识别
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 stm32开发clion时遇到的编译问题