so for example to save user ip into db:
$ip = Request::getClientIp();
...
$post->user_ip = DB::raw("inet_aton('$ip')");
$post->save()
I don't really like this code how to properly escape the $ip variable?
Edit: I am looking for a way of binding the variable instead of directly using him like:
DB::insert('insert into users (ip) values (?)', [$ip]);
to protect from sql injection
From Laravel docs :
You may also access the raw, underlying PDO instance using the getPdo method on a connection instance:
$pdo = DB::connection()->getPdo();
So, in your case:
$ip = Request::getClientIp();
$ip = DB::connection()->getPdo()->quote($ip); // the escaping part
$post->user_ip = DB::raw("inet_aton($ip)");
$post->save();
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.