[SQL Server]不允许从数据类型nvarchar(max)到varbinary(max)的隐式转换。 使用CONVERT函数运行此查询
[英][SQL Server]Implicit conversion from data type nvarchar(max) to varbinary(max) is not allowed. Use the CONVERT function to run this query
问题描述
That is my code 
那是我的代码
DB::statement(DB::raw('EXECUTE dbo.SP_WS_CUST_MAIN ?,?,?,?,?,?,?'),
[ $USER_ID, $CUST_PYMT_MTHD, $CUST_CMMNT, $CUST_NAME, $ANDROID_LOCATION,
DB::raw("CONVERT(VARBINARY(MAX), $value)") , $WEEKDAY]
);
How can convert nvarchar(max) to varbinary(max)? 如何将nvarchar(max)转换为varbinary(max)?
1 个解决方案
解决方案1
0 已采纳 2017-03-21 22:27:16
I can think of three possibilities. 我可以想到三种可能性。 The simplest would be to create a shell stored procedure (say dbo.SP_WS_CUST_MAIN_VC ) that simply accepts the parameters, including $value as a varchar(max), then does the conversion of $value to a varbinary(max) and calls the target stored procedure. 最简单的方法是创建一个外壳存储过程(例如dbo.SP_WS_CUST_MAIN_VC ),该过程简单地接受参数,包括将$value用作varchar(max),然后将$value转换为varbinary(max)并调用存储的目标程序。 This ensures proper quoting with the parameter replacement. 这样可以确保在参数替换中引用正确。
The second (and most hazardous) is to embed the CONVERT into the parameters directly, opening yourself to all sorts of SQL Injection ugliness. 第二种方法(也是最危险的方法)是将CONVERT直接嵌入参数中,从而使您容易遭受各种SQL注入的麻烦。
The third would be to create a UDF that accepts a varchar(max) and returns a varbinary(max) , and embed that into the base EXECUTE call, eg: 第三个是创建一个接受varchar(max)并返回varbinary(max)的UDF,并将其嵌入到基本EXECUTE调用中,例如:
DB::statement(DB::raw('EXECUTE dbo.SP_WS_CUST_MAIN ?,?,?,?,?,dbo.castAsVarbinary(?),?'),
[ $USER_ID, $CUST_PYMT_MTHD, $CUST_CMMNT, $CUST_NAME, $ANDROID_LOCATION,
DB::raw("CONVERT(VARBINARY(MAX), $value)") , $WEEKDAY]
);
Any of these would work, but (1) and (3) should also be secure. 这些方法都可以使用,但是(1)和(3)也应该是安全的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.