2
我知道CodeIgniter自动转义发送的值来表示插入或更新查询,例如$bar
,但是如果从发表帖子或获取表格收到表格,它也会转义$table
?我找不到任何文件。CodeIgniter转义表
$this->db->insert($table, array('foo' => $bar));
我知道CodeIgniter自动转义发送的值来表示插入或更新查询,例如$bar
,但是如果从发表帖子或获取表格收到表格,它也会转义$table
?我找不到任何文件。CodeIgniter转义表
$this->db->insert($table, array('foo' => $bar));
如果你看看CodeIgniter的2.x系统/数据库/驱动器/ DB_driver.php近线902
或
在CodeIgniters 3.X系统/数据库/ DB_driver线附近1365
你会发现一个函数调用insert_string(),它看起来像这样:
/**
* Generate an insert string
*
* @access public
* @param string the table upon which the query will be performed
* @param array an associative array data of key/values
* @return string
*/
function insert_string($table, $data)
{
$fields = array();
$values = array();
foreach ($data as $key => $val)
{
$fields[] = $this->_escape_identifiers($key);
$values[] = $this->escape($val);
}
return $this->_insert($this->_protect_identifiers($table, TRUE, NULL, FALSE), $fields, $values);
}
再进行后续功能_protect_identifiers()近线1246(CI 2.X)或称近线1729(CI 3.0):
* Since the column name can include up to four segments (host, DB, table, column)
* or also have an alias prefix, we need to do a bit of work to figure this out and
* insert the table prefix (if it exists) in the proper position, and escape only
* the correct identifiers.
所以答案是肯定的。
的情况下怀疑,你可以随时使用这个:echo ($this->db->last_query());die();
打印出你的最后一个查询执行可能看起来像这样:
INSERT INTO `googlemaps_marker` (`descr`, `Lat`, `Lng`, `pretty_url`, `ID`, `zone_ID`, `kind`, `author_id`, `author`, `date_updated`) VALUES ('sasasasdas', '41.27780646738183', '-7.437744140625', 'sasasasdas', 4, 4, 1, '1', 'Admini Istrator', '2017-07-15 18:20:40')
的确,你是正确的。刚刚确认。谢谢! – Alex