Updating user details and controller security

Time: 2017-01-12 12:11:52

Tags: php laravel-5

I have started learning Laravel 5.* and am currently building a basic admin panel: create / delete / edit users, etc.

I have written this to update the user details:

public function update(UserRequest $request){

    // findOrFail returns a 404 for an unknown id instead of letting the
    // property assignments below run against null.
    $user = User::findOrFail($request['id']);

    // Reject an email address that already belongs to a different user.
    $hasuser = User::where('email','=',$request['email'])->where('id','!=',$request['id'])->first();
    if($hasuser){
        $request->session()->flash('alert-error','User with given email address already exists. Please try with another email address!!.');
        return redirect()->route('admin.users');
    }

    $user->name  = $request['name'];
    $user->email = $request['email'];
    $user->phone = $request['phone'];
    $user->role  = $request['role'];

    // Only change the password when a new one was submitted, and store it hashed.
    if(!empty($request['password'])){
        $user->password = bcrypt($request['password']);
    }

    if($user->save())
        $request->session()->flash('alert-success','User updated successfully.');
    else
        $request->session()->flash('alert-error','Can not update User now. Please try again!!.');

    return redirect()->route('admin.users');
}

What I am not sure about is the query

$hasuser = User::where('email','=',$request['email'])->where('id','!=',$request['id'])->first();

From a security and SQL injection point of view, are these variables fine: $request['email'] and $request['id']?

If not, can you tell me what a good approach would be here?

1 Answer:

Answer 0: (score: 1)

Laravel's Eloquent ORM uses PDO bindings to avoid SQL injection, but that does not mean it is bad practice to validate user input before using it.
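As an added example (not part of the original question or answer), this is what the validation the answer recommends can look like in the UserRequest class the controller already type-hints, on Laravel 5.3 or later. It assumes a `users` table, that the edited user's id arrives as the `id` route parameter, an `is_admin` attribute on the User model, and a fixed role set; the `Rule::unique(...)->ignore($id)` rule replaces the hand-written "email taken by another id" query.

```php
<?php
// Added example, not the original poster's code. Assumes Laravel 5.3+,
// a `users` table, the edited id as the `id` route parameter
// (e.g. Route::put('admin/users/{id}', ...)), an is_admin attribute on
// the User model and the role set listed under 'role'.

namespace App\Http\Requests;

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;

class UserRequest extends FormRequest
{
    public function authorize()
    {
        // Only an authenticated admin may create or update users.
        return $this->user() !== null && $this->user()->is_admin;
    }

    public function rules()
    {
        // Take the id from the route, not the form body, so a client cannot
        // pick which row the uniqueness check ignores.
        $id = $this->route('id');

        return [
            'name'     => 'required|string|max:255',
            // Unique across users, ignoring the row being edited: this is the
            // $hasuser check expressed as a validation rule.
            'email'    => ['required', 'email', 'max:255',
                           Rule::unique('users')->ignore($id)],
            'phone'    => 'nullable|string|max:30',
            // Constrain role to the known set instead of storing any string.
            'role'     => ['required', Rule::in(['admin', 'editor', 'user'])],
            // Optional on update; when present, enforce a minimum length and
            // require a matching password_confirmation field.
            'password' => 'nullable|string|min:8|confirmed',
        ];
    }
}
```

With this in place the controller receives already-validated input; a failed rule redirects back with the errors before update() runs, so the manual $hasuser query and its flash message can be dropped.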