How to use DB::insert as a prepared statement LARAVEL

I am trying to make my insert query safe from SQL injection, but I am having trouble getting it to work. Any ideas? I have tried several things.

$bullets = Input::get('bullet_content');
$product_id = Input::get('product_id');
$user_id = Input::get('user_id');
$retailer_id = Input::get('retailer_id');
$date = date("Y-m-d H:i:s");
foreach ($bullets as $bullet){
    $query = "'INSERT INTO bullets(product_id, user_id,bullet_content, bullet_deleted, created_at, updated_at) 
                VALUES('?','?','?','?','?','?')', [$product_id,$user_id,$bullet,'N',$date,$date]";
    DB::insert($query);
}
return back()->with('message','Features add successfully!');

When I try this, I get the following error:

SQLSTATE[07002]: [Microsoft][ODBC Driver 11 for SQL Server]COUNT field incorrect or syntax error (SQL: 'INSERT INTO bullets(product_id, user_id,bullet_content, bullet_deleted, created_at, updated_at) VALUES('?','?','?','?','?','?')', [1,1,can't,'N',2017-11-10 16:28:44,2017-11-10 16:28:44])

I have also tried:

$bullets = Input::get('bullet_content');
$product_id = Input::get('product_id');
$user_id = Input::get('user_id');
$retailer_id = Input::get('retailer_id');
$date = date("Y-m-d H:i:s");
foreach ($bullets as $bullet){
    $query = "'INSERT INTO bullets(product_id, user_id,bullet_content, bullet_deleted, created_at, updated_at) 
                VALUES('?','?','?','?','?','?')' ";
    $values = [$product_id,$user_id,$bullet,'N',$date,$date];
    DB::insert($query,$values);
}
return back()->with('message','Features add successfully!');

and got the following error:

SQLSTATE[42000]: [Microsoft][ODBC Driver 11 for SQL Server][SQL Server]Incorrect syntax near 'INSERT INTO bullets(product_id, user_id,bullet_content, bullet_deleted, created_at, updated_at) VALUES('. (SQL: 'INSERT INTO bullets(product_id, user_id,bullet_content, bullet_deleted, created_at, updated_at) VALUES('1','1','can't','N','2017-11-10 16:33:43','2017-11-10 16:33:43')' )

You don't need to quote the question marks. Also, you can initialize $query before the loop and use it as the prepared query inside the foreach:

$bullets = Input::get('bullet_content');
$product_id = Input::get('product_id');
$user_id = Input::get('user_id');
$retailer_id = Input::get('retailer_id');
$date = date("Y-m-d H:i:s");
$query = "INSERT INTO bullets (product_id, user_id,bullet_content, bullet_deleted, created_at, updated_at) 
                       VALUES (?, ?, ?, ?, ?, ?)";
foreach ($bullets as $bullet) {
    $values = [$product_id,$user_id,$bullet,'N',$date,$date];
    DB::insert($query, $values);
}
return back()->with('message','Features add successfully!');
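An added example (not part of the original question or answer) that shows why the two attempts above failed and what the parameterized version looks like next to an unsafe one. A `?` inside quotes is literal text, not a placeholder, so the driver saw zero parameters but received six bindings (the "COUNT field incorrect" error); wrapping the whole statement in single quotes turned it into a string literal, which SQL Server rejected ("Incorrect syntax near 'INSERT"). Only bare `?` placeholders outside any quotes are bound. The code assumes a Laravel 5.5+ application on PHP 7.4 or later, a `bullets` table with the columns used in the question, and a hypothetical controller action `store`; `insertBulletUnsafe`, `insertBullets` and `insertBulletsBuilder` are names chosen for this example.

```php
<?php
// Added example, not code from the original post. Assumes a Laravel 5.5+ app
// and a `bullets` table with the columns used in the question.
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

// UNSAFE (for contrast only): values are interpolated into the SQL text, so a
// bullet such as "can't" breaks the statement, and any input is parsed as SQL.
function insertBulletUnsafe(int $productId, int $userId, string $bullet): void
{
    $date = date('Y-m-d H:i:s');
    $sql = "INSERT INTO bullets (product_id, user_id, bullet_content, bullet_deleted, created_at, updated_at)
            VALUES ($productId, $userId, '$bullet', 'N', '$date', '$date')";
    DB::insert($sql);
}

// SAFE: the SQL text carries only bare ? placeholders (no quotes around them);
// the values are sent separately as bindings and are never parsed as SQL.
// The statement is built once and reused for every row inside a transaction,
// so a failure on one bullet does not leave a partial set behind.
function insertBullets(int $productId, int $userId, array $bullets): void
{
    $date = date('Y-m-d H:i:s');
    $sql = "INSERT INTO bullets (product_id, user_id, bullet_content, bullet_deleted, created_at, updated_at)
            VALUES (?, ?, ?, ?, ?, ?)";

    DB::transaction(function () use ($sql, $productId, $userId, $bullets, $date) {
        foreach ($bullets as $bullet) {
            // Six placeholders, six bindings: the counts must match.
            DB::insert($sql, [$productId, $userId, $bullet, 'N', $date, $date]);
        }
    });
}

// SAFE, query-builder form: Laravel generates the placeholders and bindings
// itself and inserts all rows with a single statement.
function insertBulletsBuilder(int $productId, int $userId, array $bullets): void
{
    $date = date('Y-m-d H:i:s');
    $rows = array_map(fn (string $bullet) => [
        'product_id'     => $productId,
        'user_id'        => $userId,
        'bullet_content' => $bullet,
        'bullet_deleted' => 'N',
        'created_at'     => $date,
        'updated_at'     => $date,
    ], $bullets);

    DB::table('bullets')->insert($rows);
}

// Hypothetical controller action: validate the shape of the input first, so
// that only integers and bounded strings reach the database layer.
function store(Request $request)
{
    $data = $request->validate([
        'product_id'       => 'required|integer',
        'user_id'          => 'required|integer',
        'bullet_content'   => 'required|array',
        'bullet_content.*' => 'required|string|max:255',
    ]);

    insertBullets((int) $data['product_id'], (int) $data['user_id'], $data['bullet_content']);

    return back()->with('message', 'Features added successfully!');
}
```

Both safe variants send the user's text as data rather than as part of the statement, which is what makes them injection-resistant; validation on top limits length and type but is not a substitute for binding. One caveat that goes beyond the question: taking `user_id` from the request lets the client choose whose rows are written, so in a real application it is better derived from the authenticated session (for example `auth()->id()`) than from the form.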
