The 3.0 version of an array of query conditions will be securely filtered (since 3.0 enforces the use of field type detection, so the query conditions for arrays are cast to the set type of the field), but the security filtering of string conditions is not supported. The 3.1 version adds preprocessing support for conditional strings, making ORM more secure.
First, use the Where method
The Where method of the model class supports string conditional preprocessing, using the method:
or direct use:
$Model->where ("id=%d and Username= '%s ' and xx= '%f '", $id, $username, $xx)->select ();If the ID variable comes from a user commit or a URL address, if the passed-in type is non-numeric, it is forced to be formatted as a number format for the query operation.
String preprocessing format types support specifying numbers, strings, and so on, and can refer to the parameter descriptions of the vsprintf method.
Ii. using Query and Execute methods
In addition to the Where condition, the native SQL query method also supports preprocessing mechanisms, such as:
The Execute method of the model also supports preprocessing mechanisms like the Query method.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
