Question
I'm using createCommand in Yii Framework and I want to know about using bindValue for the params, e.g.:
    Yii::app()->db->createCommand()
        ->update('table', array(
            // column => value pairs to set
            'field' => $valuefield,
        ), 'id_table=:id_table', array(':id_table' => $id_table)); // condition and its parameter
In this case, are the values of $valuefield and $id_table protected? Or should I create the SQL query manually and pass the parameters with bindValue?
Thank you!
Answer 1:
> In this case, are the values of $valuefield and $id_table protected?
Yes. The update method automatically binds the array's values passed in the second param. And you also manually bind the param for the condition. To prevent SQL injection, always use binding.
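The binding behaviour described in the answer, as an added example that is not part of the original post and is not Yii's own code: a hypothetical boundUpdate() helper on plain PDO with in-memory SQLite turns each column value into a named placeholder and binds the condition parameter. The :set_ placeholder prefix, the identifier check and the sample values are assumptions made for this illustration.

```php
<?php
// Added illustration, not Yii's source: boundUpdate() is a hypothetical helper
// that mirrors the described behaviour with plain PDO and in-memory SQLite.
function boundUpdate(PDO $pdo, string $table, array $columns, string $condition, array $params): int
{
    $isName = fn(string $s): bool => preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $s) === 1;
    if (!$isName($table)) {
        throw new InvalidArgumentException('Unexpected table name');
    }
    $set = [];
    foreach ($columns as $name => $value) {
        // Identifiers cannot be bound, so only plain column names are accepted.
        if (!$isName((string) $name)) {
            throw new InvalidArgumentException('Unexpected column name');
        }
        // Prefixed placeholder avoids clashing with a condition parameter of the same name.
        $set[] = "\"$name\" = :set_$name";
        $params[":set_$name"] = $value;
    }
    // $condition must be a fixed string containing placeholders only.
    $stmt = $pdo->prepare("UPDATE \"$table\" SET " . implode(', ', $set) . " WHERE $condition");
    foreach ($params as $placeholder => $value) {
        $stmt->bindValue($placeholder, $value); // value is sent as data, never parsed as SQL
    }
    $stmt->execute();
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE "table" (id_table INTEGER PRIMARY KEY, field TEXT)');
$pdo->exec("INSERT INTO \"table\" (id_table, field) VALUES (1, 'a'), (2, 'b')");

// Constructed sample input shaped like injection attempts.
$valuefield = "x' WHERE 1=1; --";
$hostileId  = '1 OR 1=1';

// The hostile id is compared as one literal value, so no row matches.
$n1 = boundUpdate($pdo, 'table', ['field' => $valuefield], 'id_table = :id_table', [':id_table' => $hostileId]);
// A genuine id updates exactly one row; the quote-laden value is stored verbatim.
$n2 = boundUpdate($pdo, 'table', ['field' => $valuefield], 'id_table = :id_table', [':id_table' => 1]);

echo "rows changed with hostile id: $n1\n";
echo "rows changed with id 1: $n2\n";
foreach ($pdo->query('SELECT id_table, field FROM "table" ORDER BY id_table') as $row) {
    echo $row['id_table'], ' => ', $row['field'], "\n";
}
```

The condition string itself is inserted into the statement as written, so it has to stay a fixed string with placeholders; only the values passed alongside it are bound.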
Source: https://stackoverflow.com/questions/31619570/yii-createcommand-update-with-bindvalue