2017-04-10 68 views
0

How do I use a core query with a MySQL join in CakePHP 3.0?

I am stuck on this core query; it gives a fatal error. Here is my query:

$userTransactions = 
$this->query('select transactions.*,restaurants.title from transactions 
JOIN restaurants ON transactions.place_id = restaurants.id 
where (transactions.user = "'.$username.'" 
and transactions.place_type = "Cafe & Restaurants") 
order by transactions.id desc') 
->fetchAll('assoc'); 

Here I have used this query, but it gives me a fatal error. I am using CakePHP 3.0. Can anyone help me? Thanks in advance :)

Answers

-1

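This query runs in CakePHP 2.0, but in CakePHP 3.0 you have to do it like this. You must set up the connection like this:

use Cake\Datasource\ConnectionManager;
$conn = ConnectionManager::get('default');

After that you have to use the execute statement, but make sure that you use prepared statements properly and do not insert (user) data into the query directly, as this is a possible SQL injection vulnerability: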

$userTransactions = $conn 
    ->execute(
     ' 
      select transactions.*,restaurants.title 
      from transactions 
      JOIN restaurants ON transactions.place_id = restaurants.id 
      where (
       transactions.user = :username and 
       transactions.place_type = "Cafe & Restaurants" 
      ) 
      order by transactions.id desc 
     ', 
     ['username' => $username], 
     ['username' => 'string'] 
    ) 
    ->fetchAll('assoc'); 

Hope it helps!

See also

Cookbook > Database Access & ORM > Database Basics > Running Select Statements

+0

It works fine.. thanks –

+0

You're welcome. Glad to help – kunal

+1

This is a possible SQL injection vulnerability! Please **_never_ include (user) data directly in queries, always use prepared statements/bindings!** https://book.cakephp.org/3.0/en/orm/database-basics.html#running-select-statements – ndm
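
The difference between the question's concatenated query and the answer's bound parameter, as an added example that is not from the original posts. It assumes plain PDO with an in-memory SQLite database instead of CakePHP and MySQL so that it runs stand-alone; the rows, the function names and the single-quoted literal are constructed for the illustration.

```php
<?php
// Added example with constructed data: in-memory SQLite via PDO (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE restaurants (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec('CREATE TABLE transactions (id INTEGER PRIMARY KEY, user TEXT, place_id INTEGER, place_type TEXT)');
$pdo->exec("INSERT INTO restaurants VALUES (1, 'Blue Cafe'), (2, 'Green Diner')");
$pdo->exec("INSERT INTO transactions VALUES
    (1, 'alice', 1, 'Cafe & Restaurants'),
    (2, 'bob', 2, 'Cafe & Restaurants'),
    (3, 'o''neil', 1, 'Cafe & Restaurants')");

// The page's statement; %s marks the place where the user name goes.
const BASE_SQL = "SELECT transactions.*, restaurants.title FROM transactions
    JOIN restaurants ON transactions.place_id = restaurants.id
    WHERE (transactions.user = %s AND transactions.place_type = 'Cafe & Restaurants')
    ORDER BY transactions.id DESC";

// "Before": the value is pasted into the SQL text, as in the question.
function concatenated(PDO $pdo, string $username): array
{
    $sql = sprintf(BASE_SQL, "'" . $username . "'");
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After": the SQL text is fixed and the value is sent as a bound parameter.
function bound(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare(sprintf(BASE_SQL, ':username'));
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Report either the row count or the database error for one variant.
function rowsOrError(callable $run, PDO $pdo, string $name): string
{
    try {
        return count($run($pdo, $name)) . ' row(s)';
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// A legitimate name containing an apostrophe is enough to show the difference.
foreach (['alice', "o'neil"] as $name) {
    printf("%-7s concatenated: %s | bound: %s\n", $name,
        rowsOrError('concatenated', $pdo, $name), rowsOrError('bound', $pdo, $name));
}
```

In the concatenated variant the apostrophe ends the string literal early, so the input changes the structure of the statement; that ability to change structure is what the SQL injection warning on this page refers to, and the bound variant treats the same input purely as data.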