我收到一个字符串参数,我想使用havingRaw:
我收到的字符串:
$searchString = Input::get('q');//example:party beach
我在不同的问题中发现我应该使用它来防止sql注入:
$searchStringEsc = DB::connection()->getPdo()->quote($searchString);
我遇到的问题是,当我用havingRaw插入我的查询时,因为我的字符串现在转义为`party beach`它返回null,但是当我插入未转义字符串时,它工作正常.
->havingRaw('search rlike replace("'.$searchStringEsc.'", " ", "|")')
还有另一种逃避原始参数的方法吗?谢谢
编辑 - 完整查询(我正在进行搜索查询,用户可以在其中输入城市名称,企业名称,标记到企业的任何标签等)
$results = DB::table('events')
->leftJoin('event_tag', 'events.id', '=', 'event_tag.event_id')
->join('tags', 'tags.id', '=', 'event_tag.tag_id')
->join('establishments', 'establishments.id', '=', 'events.establishment_id')
->join('cities', 'establishments.city_id', '=', 'cities.id')
->leftJoin('artist_event', 'events.id', '=', 'artist_event.event_id')
->join('artists', 'artist_event.artist_id', '=', 'artists.id')
->leftJoin('event_music', 'events.id', '=', 'event_music.event_id')
->join('musics', 'musics.id', '=', 'event_music.music_id')
->select('events.id as evId', 'events.slug as evSlug', 'events.name as evName',
'events.cover_path as estPath','establishments.establishment_type_id as estType',
'establishments.name as estName', 'events.start_date as evStart', 'events.end_date as evEnd', …