Codeigniter 编码点火器逸出台
我知道CodeIgniter会自动转义发送给插入或更新查询的值,例如Codeigniter 编码点火器逸出台,codeigniter,escaping,codeigniter-3,Codeigniter,Escaping,Codeigniter 3,我知道CodeIgniter会自动转义发送给插入或更新查询的值,例如$bar,但如果从post或get接收到表,它也会转义$table?我找不到这方面的任何文件 $this->db->insert($table, array('foo' => $bar)); 如果您查看第902行附近的CodeIgniter的2.x system/database/drivers/DB_driver.php 或 1365线附近的CodeIgniters 3.x系统/数据库/数据库/数据库驱动程
$bar
,但如果从post或get接收到表,它也会转义$table
?我找不到这方面的任何文件
$this->db->insert($table, array('foo' => $bar));
如果您查看第902行附近的CodeIgniter的2.x system/database/drivers/DB_driver.php 或 1365线附近的CodeIgniters 3.x系统/数据库/数据库/数据库驱动程序 您将发现一个名为insert_string()的函数,它如下所示:
/**
* Generate an insert string
*
* @access public
* @param string the table upon which the query will be performed
* @param array an associative array data of key/values
* @return string
*/
function insert_string($table, $data)
{
$fields = array();
$values = array();
foreach ($data as $key => $val)
{
$fields[] = $this->_escape_identifiers($key);
$values[] = $this->escape($val);
}
return $this->_insert($this->_protect_identifiers($table, TRUE, NULL, FALSE), $fields, $values);
}
然后,第1246行(CI 2.x)或第1729行(CI 3.0)附近的后续函数_protect_identifiers(),表示:
* Since the column name can include up to four segments (host, DB, table, column)
* or also have an alias prefix, we need to do a bit of work to figure this out and
* insert the table prefix (if it exists) in the proper position, and escape only
* the correct identifiers.
所以答案是肯定的
如有疑问,您可以随时使用:echo($this->db->last_query());模具()代码>它打印出您上次执行的查询,可能如下所示:
INSERT INTO `googlemaps_marker` (`descr`, `Lat`, `Lng`, `pretty_url`, `ID`, `zone_ID`, `kind`, `author_id`, `author`, `date_updated`) VALUES ('sasasasdas', '41.27780646738183', '-7.437744140625', 'sasasasdas', 4, 4, 1, '1', 'Admini Istrator', '2017-07-15 18:20:40')