      How to use prepared statements / bound values in a Joomla 3 query?

        Date: 2023-10-16

                  Question

                  I'd like to know how to bind values in a where clause. I have understood that this is something that MUST be done for security reasons.

                  $db = JFactory::getDbo();
                  $query = $db->getQuery(true);
                  $query
                      ->select("*")
                      ->from($db->quoteName("food"))
                      ->where("taste = :taste")
                      ->bind(':taste', 'sweet');
                  $db->setQuery($query);
                  $rows = $db->loadAssocList();
                  

                  I'm getting this error:

                  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':taste' at line 3 SQL=SELECT * FROM food WHERE taste = :taste

                  My code is based on this post. It said that in Joomla 3.1 only "PDO/Sqlite and PDO/Oracle are supporting prepared statements". I am using Joomla 3.2.1 and MySQL, with MySQLi in my Joomla configuration. Could that be the problem?

                  I am quite confused because I don't know which API / class I have to follow.

                  • JDatabase for Joomla 3.x: there is no bind method, and the information is scant; it seems like it is not completed.
                  • JDatabase for Joomla 2.5: has more information, but obviously is not my version. There is no bind method.
                  • JDatabaseQuery for Joomla 3.x: there is no bind method.
                  • JDatabaseQuerySqlite for Joomla 3.x: has a bind method.
                  • JDatabaseQueryPdo for Joomla 3.x: there is no bind method.
                  • JTable for Joomla 3.x: has a bind method.

                  I'm even starting to doubt whether I have to use JFactory::getDbo() to Select/Insert/Update/Delete data in the Joomla DB.

                  Thanks in advance.

                  Recommended answer

                  As far as I know, you can't use prepared statements nor bind values with Joomla.

                  If you read the Secure Coding Guidelines from the Joomla documentation (http://docs.joomla.org/Secure_coding_guidelines#Constructing_SQL_queries), they don't talk about prepared statements, only about using casting or quoting to avoid SQL injection.
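
The casting and quoting approach the answer refers to, applied to the question's query, as an added example (not code from the original post or from the Joomla documentation). It assumes it runs inside a Joomla 3 extension; the `findFood` function and the `id`, `name` and `calories` columns are hypothetical.

```php
<?php
// Added example: runs inside a Joomla 3 extension (JFactory comes from the CMS).
// Table `food` and column `taste` are from the question; `id`, `name` and
// `calories` are hypothetical columns used for illustration.
defined('_JEXEC') or die;

function findFood($taste, $maxCalories, $nameFragment, array $ids)
{
    $db    = JFactory::getDbo();
    $query = $db->getQuery(true);

    $query
        ->select('*')
        ->from($db->quoteName('food'))
        // String value: quote() escapes it and wraps it in quotes.
        ->where($db->quoteName('taste') . ' = ' . $db->quote($taste))
        // Numeric value: cast so only an integer can reach the SQL text.
        ->where($db->quoteName('calories') . ' <= ' . (int) $maxCalories);

    if ($nameFragment !== '') {
        // LIKE pattern: escape($text, true) also escapes % and _ so the input
        // cannot act as a wildcard; quote(..., false) avoids escaping twice.
        $pattern = '%' . $db->escape($nameFragment, true) . '%';
        $query->where($db->quoteName('name') . ' LIKE ' . $db->quote($pattern, false));
    }

    if ($ids) {
        // IN list: cast every element to an integer before joining.
        $idList = implode(',', array_map('intval', $ids));
        $query->where($db->quoteName('id') . ' IN (' . $idList . ')');
    }

    $db->setQuery($query);

    return $db->loadAssocList();
}

// Constructed sample call; in a real extension the values come from JInput.
// The apostrophes in the first argument are escaped and compared as a literal.
$rows = findFood("sweet' OR '1'='1", '250', '50%', array('3', '7'));
```

Successive `where()` calls are joined with AND, so every condition above must hold for a row to be returned.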
