CI Active Record 是否可以防止 SQL 注入(inject)?
这是我的代码
$this->db->select('t.DateTime,
su.FirstName,
su.MiddleName,
su.LastName,
l.Description,
t.Temperature,
t.UnitID,
t.Humidity');
$this->db->from('temperaturelogs as t');
$this->db->join('systemusers as su', 'su.UserID = t.Encoder');
$this->db->join('locations as l', 't.LocationID = l.LocationID');
$this->db->where("Cast(t.DateTime as date) >= '$start_date'");
$this->db->where("Cast(t.DateTime as date) <= '$end_date'");
$query = $this->db->get();
if ($query->num_rows() > 0)
{
return $query->result_array();
}
当我尝试在结束日期
中输入此输入时。
我的输入:
';截断表系统用户; #
给我这个错误:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'truncate table systemusers; #'' at line 6
SELECT
t
.DateTime
,su
.FirstName
,su
.MiddleName
,su
.LastName
,l
.Description
,t
.Temperature
,t
.UnitID
,t
.Humidity
FROMtemperaturelogs
ast
JOINsystemusers
assu
ONsu
.UserID
=t
.Encoder
JOINlocations
asl
ONt
.LocationID
=l
.LocationID
WHERE Cast(t.DateTime as date) >= '2016-03-21' AND Cast(t.DateTime as date) <= ''; truncate table systemusers; #'
该错误与我的问题没有任何关系...
最佳答案
尝试,
$this->db->where('Cast(t.DateTime as date) >=', $start_date);
$this->db->where('Cast(t.DateTime as date) <=', $end_date);
关于php - 防止 CodeIgniter 中的 SQL 注入(inject),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/36146583/