Laravel: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
|||
Line 16: | Line 16: | ||
$query = DB::table("articles") | $query = DB::table("articles") | ||
->select("content") | ->select("content") | ||
->whereRaw("content LIKE ? ", [ | ->whereRaw("content LIKE ? ", ["%$search_keyword%"]) | ||
</pre> | </pre> | ||
Line 23: | Line 23: | ||
$query = DB::table("articles") | $query = DB::table("articles") | ||
->select("content") | ->select("content") | ||
->where("content", "LIKE", | ->where("content", "LIKE", "%$search_keyword%") | ||
</pre> | </pre> | ||
Latest revision as of 11:32, 29 August 2019
Laravel - The PHP Framework For Web Artisans (繁體中文文件: Laravel - 為網頁藝術家創造的 PHP 框架)
SQL 查詢語法 Where 變數部分使用問號[edit]
"Raw statements will be injected into the query as strings, so you should be extremely careful to not create SQL injection vulnerabilities."[1]
原始 SQL 查詢語法
SELECT `content` FROM `articles` WHERE `content` LIKE "%$search_keyword%"
使用 Laravel whereRaw 或 orWhereRaw,範例代碼
$query = DB::table("articles") ->select("content") ->whereRaw("content LIKE ? ", ["%$search_keyword%"])
另一種 Laravel 寫法
$query = DB::table("articles") ->select("content") ->where("content", "LIKE", "%$search_keyword%")
相關資料
- sql - Laravel concat in query (where condition) - Stack Overflow
- Database: Query Builder - Laravel - The PHP Framework For Web Artisans "The Laravel query builder uses PDO parameter binding to protect your application against SQL injection attacks. There is no need to clean strings being passed as bindings."
- How do you parameterize whereRaw() in the query builder?