問題描述

我是 laravel 的新手，并將其用作輸入查詢:

I'm new to laravel and use this as a input query:

DB::table('user_input')->insert(array(
                array('fname' => Input::get('Name'),'lname' => 'no','email' => Input::get('E-Mail'),'date_from' => $from_date,'date_to' => $to_date,'phone' => Input::get('Phone'),'message' => Input::get('Message'),'ip_address' => Request::getClientIp(), 'newsletter' => Input::get('Sign-up'))

            ));

在標準 php 中我永遠不會這樣做，因為查詢似乎沒有準備好，我將用戶輸入直接放入上面的查詢中.

which I would never do like that in standard php, as the query doesn't seem to be prepared and I put user input directly into above query.

在 Eloquent ORM 中是否有我不認識的自動準備，或者我將如何使用 Eloquent 編寫準備好的語句?

Is there a automatic preparation in Eloquent ORM which I haven't recognized or how would I write a prepared statement with Eloquent?

推薦答案

Eloquent 在幕后執(zhí)行 PDO 樣式的準備語句，以防止諸如 sql 注入之類的事情.默認情況下，Eloquent 模型還可以防止質(zhì)量分配.除非您特別注意應(yīng)保護的數(shù)據(jù)庫列或相反的列(應(yīng)可填充的列)，否則將引發(fā)異常.

Eloquent does the PDO style prepared statements behind the scenes to protect against things like sql injection. Eloquent models also protect against mass assignment by default. An exception will be thrown unless you specifically note the columns of the database that should be guarded or the inverse (the ones that should be fillable).

http://laravel.com/docs/4.2/eloquent#mass-assignment

想深入了解的可以看類

/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php` 

看看 laravel 如何在 Eloquent 中構(gòu)建查詢.

to see how laravel constructs the queries in Eloquent.

這篇關(guān)于使用 Eloquent ORM/laravel 準備好的語句的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！