用雄辩的口才准备的陈述。

I'm new to laravel and use this as a input query:

我是laravel的新手，用这个作为输入查询:

DB::table('user_input')->insert(array(
                array('fname' => Input::get('Name'),'lname' => 'no','email' => Input::get('E-Mail'),'date_from' => $from_date,'date_to' => $to_date,'phone' => Input::get('Phone'),'message' => Input::get('Message'),'ip_address' => Request::getClientIp(), 'newsletter' => Input::get('Sign-up'))

            ));

which I would never do like that in standard php, as the query doesn't seem to be prepared and I put user input directly into above query.

在标准php中，我不会这样做，因为查询似乎没有准备好，我将用户输入直接输入到上面的查询中。

Is there a automatic preparation in Eloquent ORM which I haven't recognized or how would I write a prepared statement with Eloquent?

是否有一个自动的准备在雄辩的ORM中，我没有认识或我如何写一个准备好的陈述与雄辩?

1 个解决方案

#1

Eloquent does the PDO style prepared statements behind the scenes to protect against things like sql injection. Eloquent models also protect against mass assignment by default. An exception will be thrown unless you specifically note the columns of the database that should be guarded or the inverse (the ones that should be fillable).

PDO风格的准备语句在幕后很有说服力，可以防止sql注入之类的东西。雄辩的模型也可以防止默认的大规模分配。除非您特别注意应该保护的数据库列或相反的列(应该是可填充的列)，否则将抛出异常。

http://laravel.com/docs/4.2/eloquent#mass-assignment

http://laravel.com/docs/4.2/eloquent质量确定

If you want to dig further in, you can look at the class

如果你想深入挖掘，你可以看看这个班。

/vendor/laravel/framework/src/Illuminate/Database/Query/Builder.php`

to see how laravel constructs the queries in Eloquent.

看看laravel是如何构造查询的。

#1