
An introduction to query condition preprocessing, a new feature of ThinkPHP 3.1

WBOY
2016-07-13 10:24:27

ThinkPHP 3.0 applied security filtering to query conditions given in array form (3.0 enforces field type detection, so array conditions are forcibly converted to the type defined for the field), but it did not support security filtering for string conditions. ThinkPHP 3.1 adds preprocessing support for condition strings, which further strengthens the security of the ORM.

1. Use the where method

The where method of the Model class supports preprocessing of string conditions. Usage:

$Model->where("id=%d and username='%s' and xx='%f'",array($id,$username,$xx))->select();

Or use directly:

$Model->where("id=%d and username='%s' and xx='%f'",$id,$username,$xx)->select();

If the $id variable comes from user-submitted data or from the URL and the input is not numeric, it is forcibly formatted as a number before the query runs.

The format string supports type specifiers for numbers, strings, and so on. For details, refer to the parameter description of the vsprintf method.

2. Use query and execute methods

In addition to where conditions, the preprocessing mechanism is also supported by the native SQL query methods, for example:

$Model->query("SELECT * FROM think_user WHERE id=%d and username='%s' and xx='%f'",array($id,$username,$xx));

The model's execute method supports the same preprocessing mechanism as the query method.
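
The following is an added example, not ThinkPHP's own code, showing what the preprocessing in sections 1 and 2 does to typed placeholders, plus a check for the case it does not cover: a %s that is not wrapped in quotes in the template. It assumes the framework escapes each argument and then formats with vsprintf, as the reference to vsprintf above suggests; preprocess_condition(), unquoted_string_placeholders() and the use of addslashes() as the escaper are hypothetical stand-ins.

```php
<?php
// Added illustration, not ThinkPHP source code.
// preprocess_condition() is a hypothetical stand-in for escape-then-vsprintf.
function preprocess_condition(string $template, array $args, callable $escape): string
{
    // Escape every argument as a string, then let vsprintf apply the conversion:
    // %d casts to integer, %f casts to float, %s inserts the escaped text as-is.
    return vsprintf($template, array_map($escape, $args));
}

// Hypothetical review helper: byte offsets of %s placeholders outside '...'.
// There the value is escaped but not cast, and no quotes confine it.
// Simplification: does not parse width or position modifiers such as %5s or %1$s.
function unquoted_string_placeholders(string $template): array
{
    $offsets = [];
    $inQuote = false;
    $len = strlen($template);
    for ($i = 0; $i < $len; $i++) {
        if ($template[$i] === "'") {
            $inQuote = !$inQuote;
        } elseif ($template[$i] === '%' && $i + 1 < $len) {
            if ($template[$i + 1] === 's' && !$inQuote) {
                $offsets[] = $i;
            }
            $i++; // consume the conversion character so "%%" is read as a pair
        }
    }
    return $offsets;
}

// Assumption: addslashes() stands in for the database driver's escaping routine.
$escape = function ($value) {
    return addslashes((string) $value);
};

// Constructed sample input: each value carries text beyond its expected type.
$args = ["7 abc", "o'brien", "1.5xyz"];

$template = "id=%d and username='%s' and xx='%f'";
echo preprocess_condition($template, $args, $escape), PHP_EOL;

// The article's template quotes its %s; the second one below does not.
var_dump(unquoted_string_placeholders($template));
var_dump(unquoted_string_placeholders("id=%d and username=%s"));
```

Templates for which the helper returns a non-empty list should either quote the placeholder or switch it to a numeric specifier such as %d.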
