doupin1073 2015-02-24 17:01
Views: 6
Accepted

Custom Eloquent query bindings in Laravel 5: usage and limitations

Let's say the query looks like this:

$query = 'select * from some_table LIMIT :limit';

My db->selects are the following:

a) $orders = $db->select($db->raw($query), array("limit" => '0,10'));

b) $orders = $db->select($db->raw($query), array("limit" => '10'));

a) doesn't work, but b) does. Why?

Also this doesn't work:

$query2 = 'select :col from some_table LIMIT :limit';
$orders = $db->select($db->raw($query2), array("col" => "some_col","limit" => '10'));

Am I using it the wrong way?


1 answer

  • dtebrq0245 2015-02-24 17:58

    You need to realize that prepared statements are not just formatted strings. The idea of prepared statements is that syntax and arguments are sent separately, so you can safely send user data without risking MySQL injection. In query a) you are putting syntax in the parameter. The same can be said about the columns. Column names are part of the syntax.

    This answer was selected by the asker as the best answer.
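The split the answer describes, written out as an added example that is not code from the original thread: LIMIT's two numbers become two separate integer bindings, and the column name, being syntax rather than data, is checked against a fixed allowlist before it is spliced into the query text. It assumes Laravel 5 and the page's some_table; the allowlist contents, fetchPage() and its arguments are hypothetical.

```php
<?php
// Added example, not code from the original post. Assumes Laravel 5 and the
// page's `some_table`; the allowed column names, fetchPage() and its
// arguments are hypothetical.
use Illuminate\Support\Facades\DB;

/**
 * Fetch one page of a single column from some_table.
 *
 * @param string $column  column to read; must be in the allowlist
 * @param int    $page    1-based page number
 * @param int    $perPage rows per page
 * @return array          rows as returned by DB::select
 */
function fetchPage($column, $page, $perPage = 10)
{
    // A column name is SQL syntax, so no bound parameter can supply it:
    // "select :col ..." binds the string 'some_col' as a VALUE, not as a
    // column reference. Accept only names from a fixed list and splice the
    // trusted name into the query text.
    $allowed = array('id', 'some_col', 'created_at');
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException("column not allowed: $column");
    }

    $page    = (int) $page;
    $perPage = (int) $perPage;
    if ($page < 1 || $perPage < 1 || $perPage > 100) {
        throw new InvalidArgumentException('page and perPage out of range');
    }

    // LIMIT takes two values, so it needs two placeholders. Binding one
    // ':limit' to '0,10' sends the single string "0,10" as one value; the
    // comma never becomes part of the statement's syntax.
    $sql = "select `{$column}` from some_table limit :offset, :count";

    // Bind real PHP integers: Laravel binds int values as PDO::PARAM_INT,
    // which is what LIMIT expects.
    return DB::select($sql, array(
        'offset' => ($page - 1) * $perPage,
        'count'  => $perPage,
    ));
}

// First page of some_col, ten rows.
$rows = fetchPage('some_col', 1);
```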
