问题
First:
DB::table('someTable')
->selectRaw('count(*), min(some_field) as someMin, max(another_field) as someMax')
->get();
Second:
DB::table('someTable')->select(
array(
DB::raw('min(some_field) as someMin'),
DB::raw('max(another_field) as someMax'),
DB::raw('COUNT(*) as `count`')
)
)->get()
The above two query result is same , but my question is there any possible security issues(SQL injections) with these two queries if i use user inputs directly in where conditions.
回答1:
As per Laravel's documentation:
Note: The Laravel query builder uses PDO parameter binding to protect your application against SQL injection attacks. There is no need to clean strings being passed as bindings.
来源:https://stackoverflow.com/questions/34408900/laravel-selectraw-vs-dbraw