问题
I have the following query:
DB::select("SELECT * FROM mod_dns_records WHERE (scheduled = 'N' AND scheduleTime = 0 AND domainId = {$id}) OR (deleteRow = 'Y' AND domainId = {$id})");
However, this is not safe against SQL injection. Could someone help me to make this safe, or tell me how to rebuild this with the ORM.
Thanks!
回答1:
This would be the query as you had it
$result = DB::table('mod_dns_records')
->where('scheduled', 'N')
->where('scheduleTime', 0)
->where('domainId', $id)
->orWhere('deleteRow', 'Y')
->where('domainId', $id)
->get();
However I noticed it can be optimized a bit since the domainId condition exists in both groups:
$result = DB::table('mod_dns_records')
->where('domainId', $id)
->where(function($q){
$q->where('scheduled', 'N');
$q->where('scheduleTime', 0);
$q->orWhere('deleteRow', 'Y');
})
->get();
来源:https://stackoverflow.com/questions/29036959/laravel-eloquent-orm-complex-where-queries