doupin1073 2015-02-24 17:01
Accepted

Custom Eloquent query bindings with Laravel 5: usage and limitations

Let's say the query looks like this:

$query = 'select * from some_table LIMIT :limit';

My db->selects are the following:

a) $orders = $db->select($db->raw($query), array("limit" => '0,10'));

b) $orders = $db->select($db->raw($query), array("limit" => '10'));

a) doesn't work, but b) does. Why?

Also this doesn't work:

$query2 = 'select :col from some_table LIMIT :limit';
$orders = $db->select($db->raw($query2), array("col" => "some_col","limit" => '10'));

Am I using it the wrong way?


1 answer

  • dtebrq0245 2015-02-24 17:58

    You need to realize that prepared statements are not just formatted strings. The idea of prepared statements is that syntax and arguments are sent separately, so you can safely send user data without risking MySQL injection. In query a) you are putting syntax in the parameter. The same can be said about the columns. Column names are part of the syntax.

    This answer was selected as the best answer by the asker.
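The distinction the answer draws (values are bound, syntax is not) can be seen directly against a database. The following is an added example, not code from the question or from Laravel; it uses Python's sqlite3 as a stand-in for the Laravel/MySQL calls, with a constructed `some_table`, and shows both failing bindings from the question next to a hardened query that whitelists the column and sends OFFSET and LIMIT as two integer parameters.

```python
import sqlite3

# Constructed sample data standing in for the question's `some_table`.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE some_table (id INTEGER PRIMARY KEY, some_col TEXT)")
    conn.executemany("INSERT INTO some_table (some_col) VALUES (?)",
                     [(f"row{i}",) for i in range(1, 21)])
    return conn

def limit_binding(conn, value):
    """Bind `value` to a LIMIT placeholder as query a)/b) do.
    Returns the row count, or the driver's error text: '0,10' is
    syntax (two clauses), not a value, so the engine rejects it."""
    try:
        rows = conn.execute("SELECT * FROM some_table LIMIT ?", (value,)).fetchall()
        return len(rows)
    except sqlite3.Error as exc:
        return f"error: {exc}"

def column_binding(conn, col):
    """Bind a column name as a parameter (query $query2).
    The engine treats it as a string literal, so every row returns
    the text 'some_col' instead of the column's contents."""
    return conn.execute("SELECT ? FROM some_table LIMIT 1", (col,)).fetchone()[0]

# Hypothetical allow-list: the only identifiers callers may select.
ALLOWED_COLS = {"id", "some_col"}

def safe_select(conn, col, offset, limit):
    """Hardened form: the identifier is validated against the allow-list
    and spliced into the syntax; offset and limit travel as integers."""
    if col not in ALLOWED_COLS:
        raise ValueError(f"column not allowed: {col!r}")
    sql = f'SELECT "{col}" FROM some_table LIMIT ? OFFSET ?'
    return [r[0] for r in conn.execute(sql, (int(limit), int(offset))).fetchall()]
```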
