Laravel
Jump to navigation
Jump to search
SQL 查詢語法 Where 變數部分使用問號
"Raw statements will be injected into the query as strings, so you should be extremely careful to not create SQL injection vulnerabilities."[1]
原始 SQL 查詢語法
SELECT `content` FROM `articles` WHERE `content` LIKE "%$search_keyword%"
使用 Laravel whereRaw 或 orWhereRaw,範例代碼
$query = DB::table("articles")
->select("content")
->whereRaw("content LIKE ? ", ['%' . $search_keyword . '%'])
另一種 Laravel 寫法
$query = DB::table("articles")
->select("content")
->where("content", "LIKE", '%' . $search_keyword . '%')
相關資料
- sql - Laravel concat in query (where condition) - Stack Overflow
- Database: Query Builder - Laravel - The PHP Framework For Web Artisans "The Laravel query builder uses PDO parameter binding to protect your application against SQL injection attacks. There is no need to clean strings being passed as bindings."
- How do you parameterize whereRaw() in the query builder?