问题描述

我想知道下面的代码是否需要更多有关SQL注入的安全性？

I would like to know if the following piece of code would require any more security concerning SQL injections, or not?

$ this-> db-> insert（ 'users'，$ insert_data_array）；

$this->db->insert('users', $insert_data_array);

Code Igniter Wiki指出

The Code Igniter wiki says that

注意：所有值都是逃脱了自动产生更安全的查询。

"Note: All values are escaped automatically producing safer queries."

请消除我的疑问。

推荐答案

不。只要您使用Active Record类，就不必担心安全性。它会自动转义每个查询。在应用程序与跨数据库兼容的情况下构建查询甚至更加容易。输入数据也由Security类检查，因此您不必担心任何事情。

Nope. You shouldn't be concerned for security as long as you are using the Active Record class. It automatically escapes every query. It is even easier to build the queries with at an your application becomes cross-database compatible. The input data is checked by the Security class also, so you don't have to be worried about anything.

这篇关于带插入功能的代码点火器安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！