Shulou(Shulou.com)06/01 Report--

This article mainly introduces the relevant knowledge of "there is no pretreatment in thinkphp". The editor shows you the operation process through an actual case. The method of operation is simple and fast, and it is practical. I hope this article "there is no pretreatment in thinkphp" can help you solve the problem.

There is preprocessing in thinkphp. The "ThinkPHP3.1" version adds support for preprocessing conditional strings, making ORM more secure. Methods: 1. Use where method to preprocess string conditions; 2. Use query and execute methods to preprocess native SQL query mode.

This article operating environment: Windows10 system, ThinkPHP5 version, Dell G3 computer.

Is there any pretreatment in thinkphp?

There is preprocessing in thinkphp

Previous versions of ThinkPHP3.0 used to safely filter query conditions in array mode (due to the mandatory use of field type detection in 3.0, so query conditions in array mode were forced to be converted to the set type of fields), but version 3.0 does not support secure filtering of string conditions. On the other hand, the ThinkPHP3.1 version adds support for preprocessing conditional strings, which makes ORM more secure.

1. Use where method

The where method of the Model class supports string conditional preprocessing, which is used:

$Model- > where ("id=%d and username='%s' andxx='%f'", array ($id,$username,$xx)-> select ()

Or directly use:

Model- > where ("id=%d and username='%s' and xx='%f'", $id,$username,$xx)-> select ()

If the $id variable comes from a user submission or URL address, and if a non-numeric type is passed in, the query operation will be forced to be formatted into a numeric format.

The format type of string preprocessing supports specifying numbers, strings, etc. For more information, please see the parameter description of vsprintf method.

2. Use query and execute methods

In addition to where conditions, preprocessing mechanisms are also supported for native SQL query methods, such as:

$Model- > query ("SELECT * FROM think_user WHERE id=%d and username='%s' and xx='%f'", array ($id,$username,$xx))

The execute method of the model supports the preprocessing mechanism as well as the query method.

This is the end of the content about "is there any pretreatment in thinkphp"? thank you for your reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.