Commit 6db75d1

author
liu21st@gmail.com
committed
When a string is passed as the database query condition, filter it with escapeString
git-svn-id: http://thinkphp.googlecode.com/svn/trunk@2997 539fd3ec-2725-0410-b7ab-251e373a8e33
1 parent e31fe01 commit 6db75d1

2 files changed

+1
-4
lines changed

ThinkPHP/Lib/Core/Db.class.php

Lines changed: 1 addition & 1 deletion
@@ -458,7 +458,7 @@ protected function parseWhere($where) {
458458
$whereStr = '';
459459
if(is_string($where)) {
460460
// 直接使用字符串条件
461-
$whereStr = $where;
461+
$whereStr = $this->escapeString($where);
462462
}else{ // 使用数组或者对象条件表达式
463463
if(isset($where['_logic'])) {
464464
// 定义逻辑运算规则 例如 OR XOR AND NOT
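
Review bot: On the added line `$whereStr = $this->escapeString($where);`, the whole condition string is escaped, not the values inside it. If escapeString backslash-escapes quote characters as its name suggests, a caller-built condition that contains a quoted literal will have its own delimiters escaped and the query will fail, while a condition with no quotes at all (for example a numeric comparison assembled from request data) passes through unchanged, so unquoted contexts are not protected by this change. Suggest leaving the string branch as it was and escaping or binding each value before it is placed in the condition, and stating in the comment on this branch that string conditions must not carry raw user input.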

ThinkPHP/Lib/Core/Model.class.php

Lines changed: 0 additions & 3 deletions
@@ -1665,9 +1665,6 @@ public function scope($scope='',$args=NULL){
16651665
+----------------------------------------------------------
16661666
* @access public
16671667
+----------------------------------------------------------
1668-
* @param mixed $where
1669-
* @param array $params
1670-
+----------------------------------------------------------
16711668
* @return Model
16721669
+----------------------------------------------------------
16731670
*/
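
Review bot: The three removed docblock lines drop `* @param mixed $where` and `* @param array $params`, but no signature change is visible in this diff and the commit message only covers the escapeString change in parseWhere. If the method under this docblock still accepts those arguments, keep the @param lines so the documented contract matches the code; if the `$params` argument is being removed, include the signature change in this commit and mention it in the message, since it is unrelated to the parseWhere change.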
