PHP CodeIgniter 3 SQL injection query
Suppose $this->input->post('location') contains the following array:
Array
(
[0] => 0
[1] => 1
[2] => 2
[3] => 3
[4] => 4
[5] => 5
[6] => 6
[7] => 7
)
$sql = "SELECT id
FROM location
WHERE id IN (?)";
$locations = $this->db->query($sql, $this->input->post('location'));
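Is this query safe from SQL injection?
Thanks

I'm not sure this is worth an answer, but I'm writing one anyway. Yes, as alex said in the comments, your query is safe, but what I don't understand is the unnecessary complexity of str_repeat. I'm not sure, but there are other ways in CI to write a query like this: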
$query = $this->db
->select("id")
->from("location")
->where_in("id",$this->input->post("location"))
->get();
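The query above also does the job. Am I overlooking something, or are you not aware of the built-in Query Builder?

Yes, it is safe to do that. But you only need one '?'.
So the code should look like this: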
$sql = "SELECT id
FROM location
WHERE id IN (?)";
$locations = $this->db->query($sql, $this->input->post('location'));

Yes, it is very safe, thanks a lot! I didn't know about this better solution. Let me say it again :) Dimitrios Desyllas is awesome!
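
Added example, not part of the original thread: bound parameters and where_in() escape each value, but they do not check that the posted data really is a flat list of integer ids. The code below validates the input first and then runs the Query Builder form shown in the answer above; the names Location_model, clean_ids and find_ids are hypothetical, and it assumes non-negative integer ids and a loaded CodeIgniter 3 database connection ($this->db).

```php
<?php
// Added example; Location_model, clean_ids() and find_ids() are hypothetical names.
class Location_model extends CI_Model
{
    /**
     * Reduce raw POST data to a list of unique, non-negative integer ids.
     * Returns an empty array unless the input is a flat array of integers.
     */
    public static function clean_ids($raw)
    {
        if (!is_array($raw)) {
            return array();               // location=1 was sent instead of location[]=1
        }
        $ids = array();
        foreach ($raw as $value) {
            // Nested arrays and anything that is not a plain integer fail validation.
            $id = is_scalar($value)
                ? filter_var($value, FILTER_VALIDATE_INT, array('options' => array('min_range' => 0)))
                : false;
            if ($id === false) {
                return array();           // reject the whole request, do not guess
            }
            $ids[$id] = $id;              // keyed by id to drop duplicates
        }
        return array_values($ids);
    }

    public function find_ids($raw)
    {
        $ids = self::clean_ids($raw);
        if ($ids === array()) {
            return array();               // an empty IN () list is a MySQL syntax error
        }
        return $this->db
            ->select('id')
            ->from('location')
            ->where_in('id', $ids)        // assumption: escaping left at its default (on)
            ->get()
            ->result_array();
    }
}

// In a controller (assumes the model is loaded as location_model):
// $rows = $this->location_model->find_ids($this->input->post('location'));
```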