[英]CakePHP - generating SQL update statement without apostrophes
I'm trying to call updateAll function on Model and update text column but CakePHP doesn't add apostrophes to SQL command. 我正在尝试在Model上调用updateAll函数并更新文本列,但CakePHP不会在SQL命令中添加撇号。
Is there any special setting to make it active? 有什么特殊设置可以激活它吗? Is it necessary to do sanitization manually?
是否需要手动进行消毒?
I'm using CakePHP 2.3 and MySQL 5.1 我正在使用CakePHP 2.3和MySQL 5.1
CakePHP CakePHP
$this->User->updateAll(
array('User.about_me' => $about),
array('User.id' => $id)
);
SQL command SQL命令
UPDATE `test`.`users` AS `User`
SET `User`.`about_me` = Nunc posuere risus sed elit ornare malesuada.
WHERE `User`.`id` = 8956954
Yes, this one is a little unexpected, but if you open cookbook and read about updateAll
, it is clearly stated, that "Literal values should be quoted manually using DboSource::value()
". 是的,这有点出乎意料,但是如果您打开烹饪书并阅读有关
updateAll
,则会清楚地指出,“应该使用DboSource::value()
手动引用文字值”。 Or if you don't use user input, you can quote it yourself like: array('User.state' => "'active'")
或者,如果您不使用用户输入,则可以自己引用它,例如:
array('User.state' => "'active'")
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.