Laravel HTML and SQL sanitisation
What is the proper way to do HTML sanitisation and SQL sanitisation in Laravel 4?
SQL sanitisation is handled automatically. From the docs:

Note: The Laravel query builder uses PDO parameter binding throughout to protect your application against SQL injection attacks. There is no need to clean strings being passed as bindings.

Blade templates automatically escape variables when you use double curly braces, e.g. {{ $var }}. If you do not want the HTML escaped, use {!! $var !!}.
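The following is an added example, not code from the original post or from Laravel itself. It reproduces the two protections the answer relies on in plain PHP so it runs without the framework: PDO parameter binding (what the query builder does under the hood) next to a string-interpolated query, and an htmlspecialchars call with ENT_QUOTES and UTF-8 standing in for Blade's escaped output (Laravel's e() helper wraps a call of that kind, though its exact signature has changed between versions). The table contents and the payloads are constructed. One caveat on versions: the {{ }} / {!! !!} pair the answer cites is Laravel 5 Blade syntax; Laravel 4's Blade escaped with triple braces, {{{ $var }}}, and emitted {{ $var }} raw, so check which version's docs you are reading.

```php
<?php
// Added example (not Laravel's own code). Needs the pdo_sqlite extension.
declare(strict_types=1);

// Constructed in-memory database with two rows.
function setupDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
    $pdo->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 1), ('bob', 0)");
    return $pdo;
}

// Vulnerable: user input is pasted into the SQL text, so a quote in the
// input ends the literal and the rest is parsed as SQL.
function findUserUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe: the value travels as a bound parameter and is never part of the
// statement text. This is what the query builder does for every binding.
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Stand-in for Blade's escaped output: &, <, >, " and ' become entities, so
// the value can only ever render as text, never as markup.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$pdo = setupDb();

// Constructed injection payload: closes the string literal and adds a tautology.
$payload = "x' OR '1'='1";
print_r(findUserUnsafe($pdo, $payload));
print_r(findUserSafe($pdo, $payload));

// Constructed XSS payload: what escaped output emits versus raw output.
$xss = '<script>alert(1)</script>';
echo escapeHtml($xss), PHP_EOL;   // escaped, as {{ $var }} would render
echo $xss, PHP_EOL;               // raw, as {!! $var !!} would render
```

Run it with `php example.php`. The interpolated query returns every row because the payload rewrites the WHERE clause into `name = 'x' OR '1'='1'`; the bound query returns no rows because the whole payload is compared as one string value. The escaped echo prints entities instead of a script tag, which is the difference between the two Blade forms in the answer: only use the raw form on content you generated yourself or already sanitised.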