[英]Prevent to execute insert statements to database on laravel query builder
I have query builder method like this: 我有这样的查询生成器方法:
public function export_excel($query)
{
return DB::select(DB::raw($query));
}
I want to execute select
statements not insert
or update
statements 我要执行
select
语句而不是insert
或update
语句
You can parse the $query checking for unwanted INSERT/UPDATE/etc. 您可以解析$ query检查不需要的INSERT / UPDATE / etc。 with a sql parser.
与SQL解析器。
Pear: http://pear.php.net/package/SQL_Parser (still fairly new)
梨子: http : //pear.php.net/package/SQL_Parser (仍然很新)
txtSQL: http://sourceforge.net/projects/txtsql
txtSQL: http : //sourceforge.net/projects/txtsql
PHP-SQL-Parse: http://code.google.com/p/php-sql-parser/ (as mentioned by the OP).
PHP-SQL-Parse: http : //code.google.com/p/php-sql-parser/ (如OP所述)。 This seems to be the most robust of these three (certainly the best documented)
这似乎是这三者中最强大的(当然是记录最好的)
from sql-parser-in-php . 来自sql-parser-in-php 。
But as pointed from @AlonEitan Transaction and Rollback could do the the jobs, but cannot avoid CREATE or DROP (on MySQL). 但是正如@AlonEitan所指出的,Transaction和Rollback可以完成这些工作,但不能避免在MySQL上进行CREATE或DROP。
May be exec that query using ReadOnly account can solve the problem with no risks/overhead-executions. 可能是执行者使用ReadOnly帐户的查询可以解决此问题而没有任何风险/执行开销。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.