[英][SQL Server]Implicit conversion from data type nvarchar(max) to varbinary(max) is not allowed. Use the CONVERT function to run this query
That is my code 那是我的代码
DB::statement(DB::raw('EXECUTE dbo.SP_WS_CUST_MAIN ?,?,?,?,?,?,?'),
[ $USER_ID, $CUST_PYMT_MTHD, $CUST_CMMNT, $CUST_NAME, $ANDROID_LOCATION,
DB::raw("CONVERT(VARBINARY(MAX), $value)") , $WEEKDAY]
);
How can convert nvarchar(max) to varbinary(max)? 如何将nvarchar(max)转换为varbinary(max)?
I can think of three possibilities. 我可以想到三种可能性。 The simplest would be to create a shell stored procedure (say
dbo.SP_WS_CUST_MAIN_VC
) that simply accepts the parameters, including $value
as a varchar(max), then does the conversion of $value
to a varbinary(max)
and calls the target stored procedure. 最简单的方法是创建一个外壳存储过程(例如
dbo.SP_WS_CUST_MAIN_VC
),该过程简单地接受参数,包括将$value
用作varchar(max),然后将$value
转换为varbinary(max)
并调用存储的目标程序。 This ensures proper quoting with the parameter replacement. 这样可以确保在参数替换中引用正确。
The second (and most hazardous) is to embed the CONVERT
into the parameters directly, opening yourself to all sorts of SQL Injection ugliness. 第二种方法(也是最危险的方法)是将
CONVERT
直接嵌入参数中,从而使您容易遭受各种SQL注入的麻烦。
The third would be to create a UDF that accepts a varchar(max)
and returns a varbinary(max)
, and embed that into the base EXECUTE
call, eg: 第三个是创建一个接受
varchar(max)
并返回varbinary(max)
的UDF,并将其嵌入到基本EXECUTE
调用中,例如:
DB::statement(DB::raw('EXECUTE dbo.SP_WS_CUST_MAIN ?,?,?,?,?,dbo.castAsVarbinary(?),?'),
[ $USER_ID, $CUST_PYMT_MTHD, $CUST_CMMNT, $CUST_NAME, $ANDROID_LOCATION,
DB::raw("CONVERT(VARBINARY(MAX), $value)") , $WEEKDAY]
);
Any of these would work, but (1) and (3) should also be secure. 这些方法都可以使用,但是(1)和(3)也应该是安全的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.