[英]Can't use CodeIgniter's LIKE()
Because of some bug or my lack of knowledge in ODBC connections I can't use CodeIgniter's 由于某些错误或缺乏对ODBC连接的了解,我无法使用CodeIgniter的
$this->db->like();
(If you really want to know why I can't use it, see my other thread here .) (如果您真的想知道为什么我不能使用它,请在此处查看我的其他主题。)
How do I replace 我该如何更换
$this->db->like("name", 'a', 'after');
with some other safe code? 与其他一些安全代码?
EDIT: 编辑:
Obviously, I wasn't clear in my description. 显然,我的描述不清楚。
I KNOW how to use "like()". 我知道如何使用“ like()”。 My problem is that I CAN'T use it because of other circumstances. 我的问题是,由于其他情况,我无法使用它。 What I need is a substitute for "like()". 我需要的是“ like()”的替代品。
I know I could do it like: 我知道我可以这样做:
$this->db->where("name LIKE 'a%'", NULL, FALSE);
but that wouldn't be safe. 但这并不安全。
EDIT 2: 编辑2:
Maybe this could work: 也许这可以工作:
$user_input = "a";
//Escape input
$escaped_input = $this->db->escape($user_input);
//add a %-sign to the end of the escaped input
$like_input = substr_replace($escaped_input, "%", -1, 0)
$this->db->where("name LIKE " . $like_input, NULL, FALSE);
But I get the feeling it would not prevent SQL injections. 但是我感觉到它不会阻止SQL注入。
There is 3 methods to follow. 有3种方法可以遵循。
after 后
$this->db->like('name', 'a', 'after'); // Output: WHERE name LIKE 'a%'
before 之前
$this->db->like('name', 'a', 'before'); // Output: WHERE name LIKE '%a'
both 都
$this->db->like('name', 'a', 'both'); // Output: WHERE name LIKE '%a%'
Check your database connection and database library loaded as well 检查数据库连接和数据库库是否已加载
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.