比较活动记录代码初始化器中的值时,在where子句中使用斜杠
[英]Using slashes in the where clause while comparing values in active record codeigniter
问题描述
I have the following query 
我有以下查询
$query="DELETE FROM salesinvoiceitems WHERE invoiceNumber=".$this->put('invoiceNumber');
Here $this->put('invoiceNumber'); 这里$this->put('invoiceNumber'); always have values like "M\\34\\SD". 始终具有“ M \\ 34 \\ SD”之类的值。 Due to slashes in values it doesn't work as expected. 由于值的斜线无法正常工作。
I researched and found the mysql_escape_string can be used for this purpose but its deprecated now as per the manual. 我研究后发现mysql_escape_string可用于此目的,但现在已按照手册弃用了它。 So whats my best bet here? 那么,我最好的选择是什么?
4 个解决方案
解决方案1
1 2013-03-05 09:48:37
Why not use Codeingiter Active Record instead? 为什么不改用Codeingiter Active Record? An example: 一个例子:
$this->db->where('invoiceNumber', $this->put('invoiceNumber'));
$this->db->delete('salesinvoiceitems');
Taken from Codeigniter documentation: 取自Codeigniter文档:
Beyond simplicity, a major benefit to using the Active Record features is that it allows you to create database independent applications, since the query syntax is generated by each database adapter.
解决方案2
0 已采纳 2013-03-05 09:47:18
There's a method in the activerecord called escape , so you should : 活动记录中有一个方法称为escape ,所以您应该:
$invoice = $this->db->escape($yourVar);
$query = "DELETE FROM salesinvoiceitems WHERE invoiceNumber=$invoice";
Which will protect against sql injection as it escapes the var. 这将防止sql注入,因为它逃脱了var。
解决方案3
0 2013-03-05 09:47:25
尝试这个
$query="DELETE FROM salesinvoiceitems WHERE invoiceNumber=".addslashes($this->put('invoiceNumber'));
解决方案4
0 2013-03-05 09:48:03
尝试带斜线
$query="DELETE FROM salesinvoiceitems WHERE invoiceNumber='".($this->put('invoiceNumber')). "'";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.