Codeigniter 从数组中增加数据库中的值,仅转义一个组件
[英]Codeigniter increase value in database from array with only one component escaped
问题描述
I need to increase the value of a field in my CodeIgniter database.
我需要增加我的 CodeIgniter 数据库中一个字段的值。
I understand that CI allows not to escape values, setting as FALSE the third parameter in $this->db->set().我知道 CI 不允许转义值,将 $this->db->set() 中的第三个参数设置为 FALSE。
I am inserting multiple data from an array, and as I understand, it would be not much secure to escape them all (data is coming from form), since I only need increasing in one field.我从一个数组中插入多个数据,据我所知,将它们全部转义不太安全(数据来自表单),因为我只需要在一个字段中增加。
How can I avoid inserting this value separately?如何避免单独插入此值?
My current code:我目前的代码:
$dataCliente = array(
'nombre' => $nombre,
'email' => $email,
'genero' => $genero,
'reserva_next' => $fecha,
'reserva_next_id' => $reserva_id,
'reserva_lastreq' => time(),
'reservas' => "reservas+1"
);
$this->db->where('telefono', $telefono);
$this->db->update('clientes', $dataCliente);
EDIT: I HAVE TESTED WITH SIMPLE AND DOUBLE QUOTES, IN BOTH CASES THE VALUE OF THE FIELD IS SAVED AS 0 (ZERO)编辑:我已经用简单和双引号进行了测试,在这两种情况下,字段的值都保存为 0(零)
The previous code does not produce the expected result.前面的代码不会产生预期的结果。 But this works:但这有效:
$dataCliente = array(
'nombre' => $nombre,
'email' => $email,
'genero' => $genero,
'reserva_next' => $fecha,
'reserva_next_id' => $reserva_id,
'reserva_lastreq' => time(),
//'reservas' => "reservas+1"
);
$this->db->where('telefono', $telefono);
$this->db->update('clientes', $dataCliente);
$this->db->set('reservas', 'reservas+1', FALSE);
$this->db->where('telefono', $telefono);
$this->db->update('clientes', $dataCliente);
My intention is to use only one statement to insert data.我的意图是只使用一个语句来插入数据。 Is it possible not to escape a single element of the array, using the first code?使用第一个代码是否可以不转义数组的单个元素?
Thank you very much!非常感谢!
2 个解决方案
解决方案1
1 2019-12-18 03:32:09
The simple answer is No. It's a very simple array.简单的答案是否定的。这是一个非常简单的数组。
You can see that the SET statement has 3 parameters.可以看到SET语句有3个参数。 How are you planning on adding that into your data array.您打算如何将其添加到数据数组中。
The other reasons probably are...其他原因大概是……
- It's already covered by using set with false.使用 set with false 已经涵盖了它。
- It's a royal pain in the butt to add more fields in the array and have to parse them to determine which one requires the false flag.在数组中添加更多字段并且必须解析它们以确定哪个需要错误标志是一种极大的痛苦。
Using Set as you have is perfectly acceptable and when you think about it in your case...像你一样使用 Set 是完全可以接受的,当你在你的情况下考虑它时......
Each time you perform an update to an entry you will always increment the "reservas" value.每次对条目执行更新时,您将始终增加"reservas"值。 This isn't and definitely should not be a part of your "Data" you wish to update from your Form.这不是也绝对不应该是您希望从表单更新的“数据”的一部分。 It is a function of the update itself.这是更新本身的功能。
So that kind of leads into... lets make a function.所以那种导致......让我们创建一个函数。 This isn't really part of the answer to your question but I have added it as simply something to ponder over.这并不是您问题的真正答案的一部分,但我已将其添加为简单的思考内容。
You can put this where ever you like but to keep it simple I'll assume you have a client controller and I'll put it all in there for this example...你可以把它放在任何你喜欢的地方,但为了简单起见,我假设你有一个客户端控制器,我会把它放在这个例子中......
So set up your $telefono and $dataCliente as only you know where that comes from... Then create a simple single function.所以设置你的 $telefono 和 $dataCliente ,因为只有你知道它们来自哪里......然后创建一个简单的单一函数。
private function update_client_details($data, $telefono) {
$this->db->set('reservas', 'reservas+1', FALSE);
$this->db->where('telefono', $telefono);
$this->db->update('clientes', $data);
}
And call the above method to perform the update.并调用上述方法进行更新。 It's become One Statement.它变成了一个声明。
It's a good idea to make this private if its in the controller.如果它在控制器中,最好将其设为私有。 In a Model it would need to be public.在模型中,它需要是公开的。
解决方案2
0 2019-12-17 03:33:49
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.