oci_bind_by_name 和 to_date PHP/OCI/Oracle
[英]oci_bind_by_name and to_date PHP/OCI/Oracle
问题描述
I have the following:
我有以下内容:
$ARTIFACT_NAME = $_POST['ArtifactName'];
$ARTIFACT_TYPE = $_POST['ArtifactType'];
$ARTIFACT_LOCATION = $_POST['ArtifactLocation'];
$ARTIFACT_DOMAIN = $_POST['ArtifactDomain'];
$ARTIFACT_AUTHOR = $_POST['ArtifactAuthor'];
$ARTIFACT_LABEL = 'DB_'.$ARTIFACT_LOCATION.'_'.$ARTIFACT_DOMAIN.'_'.$ARTIFACT_NAME;
$AUDIT_CONSTRAINTS = $_POST['AuditConstraints'];
$SECURITY_CONSTRAINTS = $_POST['SecurityConstraints'];
$REGISTERED_EMAIL = $_SERVER['HTTP_REMOTE_USER'];
$REGISTERED_TIMESTAMP = "to_date('15-08-2011 14:32:37', 'DD-MM-YYYY HH24:MI:SS')";
$query = "INSERT INTO ".$db_schema.".ARTIFACTS (ARTIFACT_ID, ARTIFACT_NAME, ARTIFACT_TYPE, ARTIFACT_LOCATION, ARTIFACT_DOMAIN, ARTIFACT_AUTHOR, ARTIFACT_LABEL, AUDIT_CONSTRAINTS, SECURITY_CONSTRAINTS, REGISTERED_EMAIL, REGISTERED_TIMESTAMP)
VALUES (:bind1, :bind2, :bind3, :bind4, :bind5, :bind6, :bind7, :bind8, :bind9, :bind10, :bind11)";
$statement = oci_parse($connection, $query);
oci_bind_by_name($statement, ":bind1", $ARTIFACT_ID);
oci_bind_by_name($statement, ":bind2", $ARTIFACT_NAME);
oci_bind_by_name($statement, ":bind3", $ARTIFACT_TYPE);
oci_bind_by_name($statement, ":bind4", $ARTIFACT_LOCATION);
oci_bind_by_name($statement, ":bind5", $ARTIFACT_DOMAIN);
oci_bind_by_name($statement, ":bind6", $ARTIFACT_AUTHOR);
oci_bind_by_name($statement, ":bind7", $ARTIFACT_LABEL);
oci_bind_by_name($statement, ":bind8", $AUDIT_CONSTRAINTS);
oci_bind_by_name($statement, ":bind9", $SECURITY_CONSTRAINTS);
oci_bind_by_name($statement, ":bind10", $REGISTERED_EMAIL);
oci_bind_by_name($statement, ":bind11", $REGISTERED_TIMESTAMP);
Which gives the following error:这给出了以下错误:
ORA-01858: a non-numeric character was found where a numeric was expected
However, if i just don't bind $REGISTERED_TIMESTAMP and insert the to_date into the $query directly - it works perfectly.但是,如果我只是不绑定$REGISTERED_TIMESTAMP并将to_date直接插入到$query中 - 它可以完美运行。
What's going on?!这是怎么回事?! This is drving me mad!这快把我逼疯了!
1 个解决方案
解决方案1
10 已采纳 2011-08-15 15:45:37
You're using an Oracle statement with bound parameters.您正在使用带有绑定参数的 Oracle 语句。 That's good because it prevents SQL injections where dangerous code is inserted into your SQL statement.这很好,因为它可以防止在 SQL 语句中插入危险代码的 SQL 注入。 However, in this case, it prevents the TO_CHAR function from being executed.但是,在这种情况下,它会阻止执行TO_CHAR function。 Instead, it tries to convert the whole string into a timestamp, which of course doesnt' work.相反,它尝试将整个字符串转换为时间戳,这当然不起作用。
The solution is rather straight-forward: move to TO_CHAR function away from the bound parameter directly into the statement:解决方案相当简单:将TO_CHAR function 从绑定参数直接移到语句中:
$REGISTERED_TIMESTAMP = "15-08-2011 14:32:37";
$query = "INSERT INTO ".$db_schema.".ARTIFACTS (ARTIFACT_ID, ARTIFACT_NAME, ARTIFACT_TYPE, ARTIFACT_LOCATION, ARTIFACT_DOMAIN, ARTIFACT_AUTHOR, ARTIFACT_LABEL, AUDIT_CONSTRAINTS, SECURITY_CONSTRAINTS, REGISTERED_EMAIL, REGISTERED_TIMESTAMP)
VALUES (:bind1, :bind2, :bind3, :bind4, :bind5, :bind6, :bind7, :bind8,
:bind9, :bind10, to_date(:bind11, 'DD-MM-YYYY HH24:MI:SS'))";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.