如何防止SQL注入,而從數據庫中獲取數據時從用戶輸入收到的使用參數:如何防止SQL注入的參數使用CakePHP
if(isset($_GET['cityval']) && $_GET['cityval'] !=''){
$city = $this->request->query('cityval');
$searching .= " and college_city in ($city) ";
} else {
$searching .= "";
}
if(isset($_GET['scholarship']) && $_GET['scholarship'] !=''){
$searching .= " and college_scholarship = '".$_GET['scholarship']."' ";
} else {
$searching .= "";
}
我的主查詢低於
$search = $this->Search->query("select * from colleges where college_id!='' and status='active' $searching order by $order desc limit $start, 10 ");
嗨,這將返回一個數組,並且如果(!empty($ city)){PDO作爲參數標記的限制,如何將數組放入查詢 – user3198563
中。 $ cityList = array_filter(explode(',',$ city),function($ item){ return preg_match('/^\ d + $ /',$ item); }); $ searching。=「and college_city in($ cityList)」; } – user3198563
我剛更新了代碼。對不起。我忘了添加implode(),因爲我沒有運行/測試代碼 – wcomnisky