Yii2使用bindparam插入查询以进行sql注入

Question

我想用但不行，请帮助我。

$sql = Yii::$app->db("INSERT INTO posts(name) VALUES(:name)");
$sql->bindValues([':name' => 'John']);
$sql->execute();

Answer 1

尝试创建命令excevert

    Yii::$app->db->createCommand('INSERT INTO posts(name) VALUES(:name)')
          ->bindParam(':name' => 'John')->execute();