Laravel参数绑定导致偶尔的MySQL一般错误

Question

I have an array of integers that need to be inserted as a batch of rows. Each row needs some other data.

$ids = [1,2]
$thing = 1
$now = Carbon::now(); // This is just a timestamp.
$binding_values = trim(str_repeat("({$thing}, ?, '{$now}'),", count($ids)), ',');

The string $binding_values looks like this:

"(1, ?, '2019-01-01 00:00:00'), (1, ?, '2019-01-01 00:00:00')"

Then I prepare my query string and bind the parameters to it. The IGNORE is used because I have a composite unique index on the table. It doesn't seem relevant to the problem though so I've left the details out.

DB::insert("
    INSERT IGNORE INTO table (thing, id, created_at)
    VALUES {$binding_values}
", $ids);

This works almost all the time but every now and then I get an error SQLSTATE[HY000]: General error: 2031 .

Is the way I'm doing this parameter binding some kind of anti-pattern with Laravel? What might the source of this error be?

EDIT: Because there is no risk of injection in this method and there is no chance that this method would be extended to a use case with a risk of injection, I've modified it to bake in all the parameters and skip parameter binding. I haven't seen any errors so far.

I would still like to know what might cause this behaviour so I can manage it better in the future. I'd be grateful for any insight.

Answer 1

I don't see a big issue with your query other than baking parameters into the query, which is vulnerable to SQL injection.

From what I can see, your problem is that you need INSERT ÌGNORE INTO which is not supported out of the box by Laravel. Have you thought about using a third-party package like staudenmeir/laravel-upsert ?

An alternative could be to wrap your query in a transaction and select existing entries first, giving you the chance to not insert them a second time:

$ids   = [1, 2];
$thing = 1;
$time  = now();

DB::transaction(function () use ($ids, $thing, $time) {
    $existing = DB::table('some_table')->whereIn('id', $ids)->pluck('id')->toArray();
    $toInsert = array_diff($ids, $existing);

    $dataToInsert = array_map(function ($id) use ($thing, $time) {
        return [
            'id' => $id,
            'thing' => $thing,
            'created_at' => $time
        ];
    }, $toInsert);

    DB::table('some_table')->insert($dataToInsert);
});

This way you will only insert what is not present yet, but you will also stay within the framework capabilities of the query builder. Only downside is that it will be slightly slower due to a second roundtrip to the database.