What does the colon before a word in a SQL statement mean?

2022-01-04 00:00:00 php mysql yii

What does it mean to use ":" before a variable?

For example, :userId in this code:

public function removeUser($userId)
{
    // Delete this user's assignment row for the current project
    $command = Yii::app()->db->createCommand();
    $command->delete(
        'tbl_project_user_assignment',
        'user_id=:userId AND project_id=:projectId',
        array(':userId'=>$userId, ':projectId'=>$this->id)
    );
}

This is PHP, MySQL code in the Yii framework.

Recommended answer

The colon is a common character that indicates a placeholder for a variable value in a SQL statement. In this case, those placeholders are getting replaced by the value of userId and project_id at runtime. This is great for avoiding SQL injection vulnerabilities.
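
The difference the answer describes, as an added example that is not part of the original answer or of Yii's code: it uses plain PDO (which Yii's database layer is built on) with an in-memory SQLite database. The helper names freshDb, rowsLeft, removeUserConcatenated and removeUserBound are hypothetical, and the table rows and input value are constructed for illustration.

```php
<?php
// Constructed sample data: three assignments across two projects.
function freshDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tbl_project_user_assignment (user_id INTEGER, project_id INTEGER)');
    $db->exec('INSERT INTO tbl_project_user_assignment VALUES (1, 10), (2, 10), (1, 20)');
    return $db;
}

function rowsLeft(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM tbl_project_user_assignment')->fetchColumn();
}

// Weak form: the value is pasted into the SQL text, so the database
// parses whatever it contains as part of the statement.
function removeUserConcatenated(PDO $db, string $userId, int $projectId): int
{
    return $db->exec(
        "DELETE FROM tbl_project_user_assignment WHERE user_id=$userId AND project_id=$projectId"
    );
}

// Placeholder form: :userId and :projectId mark where values go. The SQL text
// is fixed at prepare() time and the values are sent separately, as data only.
function removeUserBound(PDO $db, string $userId, int $projectId): int
{
    $stmt = $db->prepare(
        'DELETE FROM tbl_project_user_assignment WHERE user_id=:userId AND project_id=:projectId'
    );
    $stmt->execute([':userId' => $userId, ':projectId' => $projectId]);
    return $stmt->rowCount();
}

// Constructed input that contains SQL syntax instead of a plain id.
$hostile = '1 OR 1=1';

foreach (['removeUserConcatenated', 'removeUserBound'] as $fn) {
    $db = freshDb(); // start each run from the same three rows
    $deleted = $fn($db, $hostile, 10);
    printf("%s: deleted %d, %d left\n", $fn, $deleted, rowsLeft($db));
}
```

In the concatenated form the input changes the WHERE clause itself; in the bound form the same input is only ever compared against user_id as a value.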
