[英]oci_bind_by_name and to_date PHP/OCI/Oracle
我有以下内容:
$ARTIFACT_NAME = $_POST['ArtifactName'];
$ARTIFACT_TYPE = $_POST['ArtifactType'];
$ARTIFACT_LOCATION = $_POST['ArtifactLocation'];
$ARTIFACT_DOMAIN = $_POST['ArtifactDomain'];
$ARTIFACT_AUTHOR = $_POST['ArtifactAuthor'];
$ARTIFACT_LABEL = 'DB_'.$ARTIFACT_LOCATION.'_'.$ARTIFACT_DOMAIN.'_'.$ARTIFACT_NAME;
$AUDIT_CONSTRAINTS = $_POST['AuditConstraints'];
$SECURITY_CONSTRAINTS = $_POST['SecurityConstraints'];
$REGISTERED_EMAIL = $_SERVER['HTTP_REMOTE_USER'];
$REGISTERED_TIMESTAMP = "to_date('15-08-2011 14:32:37', 'DD-MM-YYYY HH24:MI:SS')";
$query = "INSERT INTO ".$db_schema.".ARTIFACTS (ARTIFACT_ID, ARTIFACT_NAME, ARTIFACT_TYPE, ARTIFACT_LOCATION, ARTIFACT_DOMAIN, ARTIFACT_AUTHOR, ARTIFACT_LABEL, AUDIT_CONSTRAINTS, SECURITY_CONSTRAINTS, REGISTERED_EMAIL, REGISTERED_TIMESTAMP)
VALUES (:bind1, :bind2, :bind3, :bind4, :bind5, :bind6, :bind7, :bind8, :bind9, :bind10, :bind11)";
$statement = oci_parse($connection, $query);
oci_bind_by_name($statement, ":bind1", $ARTIFACT_ID);
oci_bind_by_name($statement, ":bind2", $ARTIFACT_NAME);
oci_bind_by_name($statement, ":bind3", $ARTIFACT_TYPE);
oci_bind_by_name($statement, ":bind4", $ARTIFACT_LOCATION);
oci_bind_by_name($statement, ":bind5", $ARTIFACT_DOMAIN);
oci_bind_by_name($statement, ":bind6", $ARTIFACT_AUTHOR);
oci_bind_by_name($statement, ":bind7", $ARTIFACT_LABEL);
oci_bind_by_name($statement, ":bind8", $AUDIT_CONSTRAINTS);
oci_bind_by_name($statement, ":bind9", $SECURITY_CONSTRAINTS);
oci_bind_by_name($statement, ":bind10", $REGISTERED_EMAIL);
oci_bind_by_name($statement, ":bind11", $REGISTERED_TIMESTAMP);
这给出了以下错误:
ORA-01858: a non-numeric character was found where a numeric was expected
但是,如果我只是不绑定$REGISTERED_TIMESTAMP
并将to_date
直接插入到$query
中 - 它可以完美运行。
这是怎么回事?! 这快把我逼疯了!
您正在使用带有绑定参数的 Oracle 语句。 这很好,因为它可以防止在 SQL 语句中插入危险代码的 SQL 注入。 但是,在这种情况下,它会阻止执行TO_CHAR
function。 相反,它尝试将整个字符串转换为时间戳,这当然不起作用。
解决方案相当简单:将TO_CHAR
function 从绑定参数直接移到语句中:
$REGISTERED_TIMESTAMP = "15-08-2011 14:32:37";
$query = "INSERT INTO ".$db_schema.".ARTIFACTS (ARTIFACT_ID, ARTIFACT_NAME, ARTIFACT_TYPE, ARTIFACT_LOCATION, ARTIFACT_DOMAIN, ARTIFACT_AUTHOR, ARTIFACT_LABEL, AUDIT_CONSTRAINTS, SECURITY_CONSTRAINTS, REGISTERED_EMAIL, REGISTERED_TIMESTAMP)
VALUES (:bind1, :bind2, :bind3, :bind4, :bind5, :bind6, :bind7, :bind8,
:bind9, :bind10, to_date(:bind11, 'DD-MM-YYYY HH24:MI:SS'))";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.