Does Eloquent ORM (Laravel 5) handle SQL injection?
Question
I couldn't find it online, but does Eloquent ORM take care of SQL injection like PDO prepared statements do?
Recommended answer
As per your question, all the Eloquent queries are taken care of for SQL injection, because they use the PDO driver in core. So you don't have to worry, but the input is stored as it is, so you might want to sanitize as per your application's needs (HTML formatting, etc.)
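An added example, not part of the original answer: plain PDO with an in-memory SQLite database stands in for the PDO layer underneath Eloquent, showing that bound values are stored verbatim and that HTML encoding is a separate step at output time. The table, the sample inputs and the `Comment` model named in the comments are constructed for illustration.

```php
<?php
// Added illustration; names and inputs are constructed, not from the page.
// Requires the pdo_sqlite extension.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed inputs: one carries SQL metacharacters, one carries HTML.
$author = "x'); DROP TABLE comments; --";
$body   = '<script>alert(1)</script>';

// Bound parameters: the SQL text is fixed and the values travel separately.
// This is the shape of statement that a hypothetical Eloquent call such as
// Comment::create([...]) or Comment::where('author', $author) ends up issuing.
$insert = $pdo->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
$insert->execute([':author' => $author, ':body' => $body]);

$select = $pdo->prepare('SELECT author, body FROM comments WHERE author = :author');
$select->execute([':author' => $author]);
$row = $select->fetch(PDO::FETCH_ASSOC);

// The table still exists, and both values come back byte for byte:
// the quote and the "--" were treated as data, never as SQL.
var_dump($row['author'] === $author);
var_dump($row['body'] === $body);

// Binding does nothing about HTML, so the markup is stored unmodified.
// Encode when rendering (Blade's {{ $comment->body }} does this encoding).
echo htmlspecialchars($row['body'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```

The binding covers values only; when a raw fragment is needed, Laravel's `whereRaw()` takes a bindings array as its second argument so the values can still be passed separately from the SQL text.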