Laravel 使用带有 convert() 的 insert() 绑定参数
Laravel binding parameter using insert() with convert() inside
我很难绑定我的 SQL 查询,我只剩下几个脑细胞了。
基本上,此代码有效但容易 SQL 注入:
return DB::connection('sqlsrv_rfo_user')
->table('dbo.tbl_rfaccount')
->insert([
'Email' => $email,
'id' => DB::raw("CONVERT(binary, '$username')"),
'password' => DB::raw("CONVERT(binary, '$password')"),
'birthdate' => $birthday,
'accounttype' => 0,
'BCodeTU' => 1
]);
我想知道如何绑定这些代码行:
'id' => DB::raw("CONVERT(binary, '$username')"),
'password' => DB::raw("CONVERT(binary, '$password')"),
我确实尝试过这个:
'id' => DB::raw("CONVERT(binary, ?)", [$username]),
'password' => DB::raw("CONVERT(binary, ?)", [$password]),
并收到此错误:
SQLSTATE[07002]: [Microsoft][ODBC Driver 13 for SQL Server]COUNT field incorrect or syntax error (SQL: insert into [dbo].[tbl_rfaccount] ([Email], [id], [password], [birthdate], [accounttype], [BCodeTU]) values (user@example.com, CONVERT(binary, 2011-11-11 00:00:00), CONVERT(binary, 0), 1, ?, ?))
还有这个:
'id' => DB::raw("CONVERT(binary, :username)", ['username' => $username]),
'password' => DB::raw("CONVERT(binary, :password)", ['password' => $password]),
并收到此错误:
SQLSTATE[IMSSP]: An error occurred substituting the named parameters. (SQL: insert into [dbo].[tbl_rfaccount] ([Email], [id], [password], [birthdate], [accounttype], [BCodeTU]) values (user@example.com, CONVERT(binary, :username), CONVERT(binary, :password), 2011-11-11 00:00:00, 0, 1))
如果我尝试完整的原始格式:
return DB::connection('sqlsrv_rfo_user')
->insert("
INSERT INTO [dbo].[tbl_rfaccount]
([id]
,[password]
,[accounttype]
,[birthdate]
,[BCodeTU]
,[Email])
VALUES
((CONVERT(binary, ?)), (CONVERT(binary, ?)), ?, ?, ?, ?)
", [$username, $password, 0, $birthday, 1, $email]);
我收到这个错误:
SQLSTATE[22001]: [Microsoft][ODBC Driver 13 for SQL Server][SQL Server]String or binary data would be truncated. (SQL: INSERT INTO [dbo].[tbl_rfaccount] ([id] ,[password] ,[accounttype] ,[birthdate] ,[BCodeTU] ,[Email]) VALUES ((CONVERT(binary, user01)), (CONVERT(binary, password01)), 0, 2011-11-11 00:00:00, 1, user@example.com)
自从我开始学习 Laravel 以来,我一直在使用 Eloquent,但我有一个项目迫使我使用这些编码方式,所以我别无选择。
你能试试这个吗
return DB::connection('sqlsrv_rfo_user')
->table('dbo.tbl_rfaccount')
->insert([
'Email' => $email,
'id' => DB::raw(`CONVERT(binary,$username)`),
'password' => DB::raw(`CONVERT(binary,$password)`),
'birthdate' => $birthday,
'accounttype' => 0,
'BCodeTU' => 1
]);
根据您上次的错误消息,当您尝试完整的原始查询时:
SQLSTATE[22001]: [Microsoft][ODBC Driver 13 for SQL Server][SQL
Server]String or binary data would be truncated. (SQL: INSERT INTO
[dbo].[tbl_rfaccount] ([id] ,[password] ,[accounttype] ,[birthdate]
,[BCodeTU] ,[Email]) VALUES ((CONVERT(binary, user01)),
(CONVERT(binary, password01)), 0, 2011-11-11 00:00:00, 1,
user@example.com)
您需要在 CONVERT 函数中指定字段的长度。
不是 CONVERT(binary, user01),而是 CONVERT(binary(16), user01)。指定与目标中定义的列相同的长度 table.
如果不指定长度,则在某些情况下假定为 1,在某些情况下假定为 30。
Aaron Bertrand 写了一篇关于这个(和其他)坏习惯的详细文章:
Bad habits to kick : declaring VARCHAR without (length)。 varchar or binary or varbinary 类似这里
正如@Zhorov 在评论中正确指出的那样,如果未指定,CONVERT 函数假定长度为 30。
-- CONVERT Syntax:
CONVERT ( data_type [ ( length ) ] , expression [ , style ] )
...
length
An optional integer that specifies the length of the target
data type, for data types that allow a user specified length. The
default value is 30.
这是一个简单的例子,演示了正在发生的事情:
SELECT
CONVERT(binary(16), '1234567890123456') AS Bin16
,CONVERT(binary, '1234567890123456') as BinNoLength
;
结果:
+------------------------------------+----------------------------------------------------------------+
| Bin16 | BinNoLength |
+------------------------------------+----------------------------------------------------------------+
| 0x31323334353637383930313233343536 | 0x313233343536373839303132333435360000000000000000000000000000 |
+------------------------------------+----------------------------------------------------------------+
因此,当您未在 CONVERT 中指定长度时,您将获得 binary(30) 结果。
并且当您尝试将此长值插入 table 中的列时,您的列的长度不足以存储它,因此长值被截断并且您会看到此错误消息。
我很难绑定我的 SQL 查询,我只剩下几个脑细胞了。
基本上,此代码有效但容易 SQL 注入:
return DB::connection('sqlsrv_rfo_user')
->table('dbo.tbl_rfaccount')
->insert([
'Email' => $email,
'id' => DB::raw("CONVERT(binary, '$username')"),
'password' => DB::raw("CONVERT(binary, '$password')"),
'birthdate' => $birthday,
'accounttype' => 0,
'BCodeTU' => 1
]);
我想知道如何绑定这些代码行:
'id' => DB::raw("CONVERT(binary, '$username')"),
'password' => DB::raw("CONVERT(binary, '$password')"),
我确实尝试过这个:
'id' => DB::raw("CONVERT(binary, ?)", [$username]),
'password' => DB::raw("CONVERT(binary, ?)", [$password]),
并收到此错误:
SQLSTATE[07002]: [Microsoft][ODBC Driver 13 for SQL Server]COUNT field incorrect or syntax error (SQL: insert into [dbo].[tbl_rfaccount] ([Email], [id], [password], [birthdate], [accounttype], [BCodeTU]) values (user@example.com, CONVERT(binary, 2011-11-11 00:00:00), CONVERT(binary, 0), 1, ?, ?))
还有这个:
'id' => DB::raw("CONVERT(binary, :username)", ['username' => $username]),
'password' => DB::raw("CONVERT(binary, :password)", ['password' => $password]),
并收到此错误:
SQLSTATE[IMSSP]: An error occurred substituting the named parameters. (SQL: insert into [dbo].[tbl_rfaccount] ([Email], [id], [password], [birthdate], [accounttype], [BCodeTU]) values (user@example.com, CONVERT(binary, :username), CONVERT(binary, :password), 2011-11-11 00:00:00, 0, 1))
如果我尝试完整的原始格式:
return DB::connection('sqlsrv_rfo_user')
->insert("
INSERT INTO [dbo].[tbl_rfaccount]
([id]
,[password]
,[accounttype]
,[birthdate]
,[BCodeTU]
,[Email])
VALUES
((CONVERT(binary, ?)), (CONVERT(binary, ?)), ?, ?, ?, ?)
", [$username, $password, 0, $birthday, 1, $email]);
我收到这个错误:
SQLSTATE[22001]: [Microsoft][ODBC Driver 13 for SQL Server][SQL Server]String or binary data would be truncated. (SQL: INSERT INTO [dbo].[tbl_rfaccount] ([id] ,[password] ,[accounttype] ,[birthdate] ,[BCodeTU] ,[Email]) VALUES ((CONVERT(binary, user01)), (CONVERT(binary, password01)), 0, 2011-11-11 00:00:00, 1, user@example.com)
自从我开始学习 Laravel 以来,我一直在使用 Eloquent,但我有一个项目迫使我使用这些编码方式,所以我别无选择。
你能试试这个吗
return DB::connection('sqlsrv_rfo_user')
->table('dbo.tbl_rfaccount')
->insert([
'Email' => $email,
'id' => DB::raw(`CONVERT(binary,$username)`),
'password' => DB::raw(`CONVERT(binary,$password)`),
'birthdate' => $birthday,
'accounttype' => 0,
'BCodeTU' => 1
]);
根据您上次的错误消息,当您尝试完整的原始查询时:
SQLSTATE[22001]: [Microsoft][ODBC Driver 13 for SQL Server][SQL Server]String or binary data would be truncated. (SQL: INSERT INTO [dbo].[tbl_rfaccount] ([id] ,[password] ,[accounttype] ,[birthdate] ,[BCodeTU] ,[Email]) VALUES ((CONVERT(binary, user01)), (CONVERT(binary, password01)), 0, 2011-11-11 00:00:00, 1, user@example.com)
您需要在 CONVERT 函数中指定字段的长度。
不是 CONVERT(binary, user01),而是 CONVERT(binary(16), user01)。指定与目标中定义的列相同的长度 table.
如果不指定长度,则在某些情况下假定为 1,在某些情况下假定为 30。
Aaron Bertrand 写了一篇关于这个(和其他)坏习惯的详细文章:
Bad habits to kick : declaring VARCHAR without (length)。 varchar or binary or varbinary 类似这里
正如@Zhorov 在评论中正确指出的那样,如果未指定,CONVERT 函数假定长度为 30。
-- CONVERT Syntax: CONVERT ( data_type [ ( length ) ] , expression [ , style ] )...
length
An optional integer that specifies the length of the target data type, for data types that allow a user specified length. The default value is 30.
这是一个简单的例子,演示了正在发生的事情:
SELECT
CONVERT(binary(16), '1234567890123456') AS Bin16
,CONVERT(binary, '1234567890123456') as BinNoLength
;
结果:
+------------------------------------+----------------------------------------------------------------+
| Bin16 | BinNoLength |
+------------------------------------+----------------------------------------------------------------+
| 0x31323334353637383930313233343536 | 0x313233343536373839303132333435360000000000000000000000000000 |
+------------------------------------+----------------------------------------------------------------+
因此,当您未在 CONVERT 中指定长度时,您将获得 binary(30) 结果。
并且当您尝试将此长值插入 table 中的列时,您的列的长度不足以存储它,因此长值被截断并且您会看到此错误消息。