w-6ren">
gpt4 book ai didi

laravel-4 - Laravel whereRaw 带参数不起作用?

转载 作者:行者123 更新时间:2023-12-03 06:28:36 26 4
gpt4 key购买 nike

根据文档,这应该有效:

return $query->whereRaw("lang =  '?'",array(App::getLocale()));

但它不起作用:

return $query->whereRaw("lang =  '".App::getLocale()."'");

我做错了什么?这是文档

$users = User::whereRaw('age > ? and votes = 100', array(25))->get();

最佳答案

不需要在“?”两边加引号。占位符。尝试一下:

return $query->whereRaw("lang = ?",array(App::getLocale()));

来自PHP documentation关于 PDO(这里也应该有效):

For those wondering why adding quotes to around a placeholder is wrong, and why you can't use placeholders for table or column names: There is a common misconception about how the placeholders in prepared statements work: they are not simply substituted in as (escaped) strings, and the resulting SQL executed. Instead, a DBMS asked to "prepare" a statement comes up with a complete query plan for how it would execute that query, including which tables and indexes it would use, which will be the same regardless of how you fill in the placeholders.

The plan for "SELECT name FROM my_table WHERE id = :value" will be the same whatever you substitute for ":value", but the seemingly similar "SELECT name FROM :table WHERE id = :value" cannot be planned, because the DBMS has no idea what table you're actually going to select from.

Even when using "emulated prepares", PDO cannot let you use placeholders anywhere, because it would have to work out what you meant: does "Select :foo From some_table" mean ":foo" is going to be a column reference, or a literal string?

When your query is using a dynamic column reference, you should be explicitly white-listing the columns you know to exist on the table, e.g. using a switch statement with an exception thrown in the default: clause.

<小时/>

编辑:请小心,因为这个答案很旧并且可能已经过时。请与 Laravel 的文档确认。

关于laravel-4 - Laravel whereRaw 带参数不起作用?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20837751/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com