Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/mysql/55.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Php Codeigniter 3 SQL注入查询_Php_Mysql_Codeigniter_Sql Injection_Codeigniter 3 - Fatal编程技术网
Fatal编程技术网
  • php/
  • Php Codeigniter 3 SQL注入查询

Php Codeigniter 3 SQL注入查询

php mysql codeigniter

Php Codeigniter 3 SQL注入查询,php,mysql,codeigniter,sql-injection,codeigniter-3,Php,Mysql,Codeigniter,Sql Injection,Codeigniter 3,假设$this->input->post('location')包含如下数组: Array ( [0] => 0 [1] => 1 [2] => 2 [3] => 3 [4] => 4 [5] => 5 [6] => 6 [7] => 7 ) $sql = "SELECT id FROM location WHERE id IN (?)"; $loc

假设
$this->input->post('location')
包含如下数组:

Array
(
    [0] => 0
    [1] => 1
    [2] => 2
    [3] => 3
    [4] => 4
    [5] => 5
    [6] => 6
    [7] => 7
)

$sql = "SELECT id 
        FROM location
        WHERE id IN (?)";
$locations = $this->db->query($sql, $this->input->post('location'));
此查询“Sql注入”安全吗

谢谢

我不确定这是否值得回答,但我还是在做, 是的,正如alex在评论中所说,您的查询是安全的,但我不理解的是str_repeat的不必要复杂性-我不确定,但CI中有其他方法可以写下这样的查询:

$query = $this->db
            ->select("id")
            ->from("location")
            ->where_in("id",$this->input->post("location"))
            ->get();
上面的查询也可以完成这项工作。是我忽略了什么,还是您不知道内置的查询生成器?

是的,这样做是安全的。但你只需要一个'?'

所以代码应该是这样的:

Array
(
    [0] => 0
    [1] => 1
    [2] => 2
    [3] => 3
    [4] => 4
    [5] => 5
    [6] => 6
    [7] => 7
)

$sql = "SELECT id 
        FROM location
        WHERE id IN (?)";
$locations = $this->db->query($sql, $this->input->post('location'));
是的,这是非常安全的,在塔康特很多!我不知道这个更好的解决办法。我再说一遍:)迪米特里奥斯·德西拉斯真是太棒了!