CI Active Record 是否可以防止 SQL 注入(inject)?
这是我的代码
$this->db->select('t.DateTime,
su.FirstName,
su.MiddleName,
su.LastName,
l.Description,
t.Temperature,
t.UnitID,
t.Humidity');
$this->db->from('temperaturelogs as t');
$this->db->join('systemusers as su', 'su.UserID = t.Encoder');
$this->db->join('locations as l', 't.LocationID = l.LocationID');
$this->db->where("Cast(t.DateTime as date) >= '$start_date'");
$this->db->where("Cast(t.DateTime as date) <= '$end_date'");
$query = $this->db->get();
if ($query->num_rows() > 0)
{
return $query->result_array();
}
当我尝试在结束日期中输入此输入时。
我的输入:
';截断表系统用户; #
给我这个错误:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'truncate table systemusers; #'' at line 6
SELECT
t.DateTime,su.FirstName,su.MiddleName,su.LastName,l.Description,t.Temperature,t.UnitID,t.HumidityFROMtemperaturelogsastJOINsystemusersassuONsu.UserID=t.EncoderJOINlocationsaslONt.LocationID=l.LocationIDWHERE Cast(t.DateTime as date) >= '2016-03-21' AND Cast(t.DateTime as date) <= ''; truncate table systemusers; #'
该错误与我的问题没有任何关系...
最佳答案
尝试,
$this->db->where('Cast(t.DateTime as date) >=', $start_date);
$this->db->where('Cast(t.DateTime as date) <=', $end_date);
关于php - 防止 CodeIgniter 中的 SQL 注入(inject),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36146583/