
PHP Codeigniter + Sparks + php-activerecord how to escape before insert or update data

I'm very new to php-activerecord. Is there a way to auto escape all of my post/get data before update or insert records?

class User extends ActiveRecord\Model {...}

class Blog extends MY_Controller
{
    function test()
    {
        $user = User::find('last');
        $user->first_name = 'test"quot' . "es'zzz";
        $user->save();
    }
}

// inserted data
// first_name = test"quotes'zzz

Have a look at Query Bindings

The secondary benefit of using binds is that the values are automatically escaped, producing safer queries. You don't have to remember to manually escape data; the engine does it automatically for you.

Did you encounter any trouble? PHP-ActiveRecord is using PDO prepared statements (source). So you shouldn't encounter any escaping problem; if so, feel free to open an issue on the GitHub project page: https://github.com/kla/php-activerecord
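The behaviour both answers describe, shown with plain PDO as an added example (not code from the posts above or from php-activerecord): the question's value breaks a string-built INSERT, while the same value passed as a bound parameter is stored and read back unchanged. It assumes the pdo_sqlite extension is available; the `users` table and the function names are hypothetical.

```php
<?php
// Added example, not php-activerecord code. Assumes pdo_sqlite is installed;
// the users table and all function names here are hypothetical.
declare(strict_types=1);

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT)');
    return $pdo;
}

// Unsafe pattern: the value is pasted into the SQL text, so a quote
// inside it ends the string literal and changes the statement.
function save_concatenated(PDO $pdo, string $firstName): bool
{
    try {
        $pdo->exec("INSERT INTO users (first_name) VALUES ('" . $firstName . "')");
        return true;
    } catch (PDOException $e) {
        return false; // the statement no longer parses
    }
}

// Safe pattern: the SQL text is fixed; the value is sent as a bound
// parameter and is never parsed as SQL, so no escaping is needed.
function save_bound(PDO $pdo, string $firstName): int
{
    $stmt = $pdo->prepare('INSERT INTO users (first_name) VALUES (:first_name)');
    $stmt->execute([':first_name' => $firstName]);
    return (int) $pdo->lastInsertId();
}

function load_first_name(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT first_name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

$pdo   = open_db();
$value = 'test"quot' . "es'zzz"; // the value from the question

echo 'concatenated insert ok: ', var_export(save_concatenated($pdo, $value), true), PHP_EOL;
$id = save_bound($pdo, $value);
echo 'bound value round-trips: ', var_export(load_first_name($pdo, $id) === $value, true), PHP_EOL;
```

The column holding the raw quotes, as in the question's "inserted data" comment, is the expected result of binding: the value is stored verbatim and should be encoded for its output context (for example HTML) when it is displayed.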
