prepared statement with Eloquent ORM / laravel
Question
I'm new to laravel and use this as a input query:
DB::table('user_input')->insert(array(
array('fname' => Input::get('Name'),'lname' => 'no','email' => Input::get('E-Mail'),'date_from' => $from_date,'date_to' => $to_date,'phone' => Input::get('Phone'),'message' => Input::get('Message'),'ip_address' => Request::getClientIp(), 'newsletter' => Input::get('Sign-up'))
));
which I would never do like that in standard php, as the query doesn't seem to be prepared and I put user input directly into above query.
Is there a automatic preparation in Eloquent ORM which I haven't recognized or how would I write a prepared statement with Eloquent?
1 answers
solution1
3 ACCPTED 2014-11-25 16:37:00
Eloquent does the PDO style prepared statements behind the scenes to protect against things like sql injection. Eloquent models also protect against mass assignment by default. An exception will be thrown unless you specifically note the columns of the database that should be guarded or the inverse (the ones that should be fillable).
http://laravel.com/docs/4.2/eloquent#mass-assignment
If you want to dig further in, you can look at the class
/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php`
to see how laravel constructs the queries in Eloquent.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.