MySQL Laravel DB::raw bind parameters


I am having a problem trying to bind data to a query. I am using the PHP framework Laravel, version 5.7.

I am trying to bind the data this way:

DB::raw("(
        select 
            10 * FLOOR(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 )  
                * (drivers.salary_per_hour / 3600) / 10)
        from assignments
        where 
            assignments.driver_id = drivers.id 
            and assignments.driving_day 
                between STR_TO_DATE('?', '%Y-%m-%d') 
                and STR_TO_DATE('?', '%Y-%m-%d') ) 
        as salary",[
            $dates['from'],
            $dates['to']
        ])
and I receive null as the result.

Values of the $dates array:

['from' => '2019-03-01', 'to' => '2019-03-31']
But if I do it this way, it works fine, but it has SQL injection, and I think it would be better if I bound the data:

$drivers = Driver::select([
        'id', 'name', 'surname', 'phone', 'driver_status','driver_status', 'updated_at', 'updated_at', 'photo',
        'salary_per_hour',
        DB::raw("(
            select 10 * FLOOR(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 )  * (drivers.salary_per_hour / 3600) / 10)
            from assignments
            where assignments.driver_id = drivers.id 
            and assignments.driving_day between STR_TO_DATE('".$dates['from']."', '%Y-%m-%d') and STR_TO_DATE('".$dates['to']."', '%Y-%m-%d') ) as salary"),
        DB::raw("(
            select SEC_TO_TIME(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 ))
            from assignments
            where assignments.driver_id = drivers.id 
            and assignments.driving_day between STR_TO_DATE('".$dates['from']."', '%Y-%m-%d') and STR_TO_DATE('".$dates['to']."', '%Y-%m-%d') ) as worked_hours"),
    ])->whereHas('assigments', function ($query) use ($dates) {
        $query->whereBetween('driving_day', [$dates['from'], $dates['to']]);
    });

    $table = $drivers->paginate(15);
What is wrong with my data binding?

===

I tried doing it this way:

and assignments.driving_day 
between STR_TO_DATE(?, '%Y-%m-%d') 
and STR_TO_DATE(?, '%Y-%m-%d') )
and got the error:

SQLSTATE[HY093]: Invalid parameter number (SQL: select `id`, `name`, `surname`, `phone`, `driver_status`, `driver_status`, `updated_at`, `updated_at`, `photo`,  ▶
            select 10 * FLOOR(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 )  * (drivers.salary_per_hour / 3600) / 10)
            from assignments
            where assignments.driver_id = drivers.id 
            and assignments.driving_day between STR_TO_DATE('2019-03-07', '%Y-%m-%d') and STR_TO_DATE('2019-03-31', '%Y-%m-%d') ) as salary, (
            select SEC_TO_TIME(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 ))
            from assignments
            where assignments.driver_id = drivers.id 
            and assignments.driving_day between STR_TO_DATE('2019-03-07', '%Y-%m-%d') and STR_TO_DATE('2019-03-31', '%Y-%m-%d') ) as worked_hours, (
    select 10 * FLOOR(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 )  * (drivers.salary_per_hour / 3600) / 10)
    from assignments
    where assignments.driver_id = drivers.id 
    and assignments.driving_day between STR_TO_DATE(2019-03-07, '%Y-%m-%d') and STR_TO_DATE(2019-03-31, '%Y-%m-%d') ) as test from `drivers` where exists (select * from `assignments` where `drivers`.`id` = `assignments`.`driver_id` and `driving_day` between ? and ?) limit 15 offset 0)
In your query:

and assignments.driving_day 
    between STR_TO_DATE('?', '%Y-%m-%d') 
    and STR_TO_DATE('?', '%Y-%m-%d') )
the bind parameter "?" should not be quoted. As with other database interfaces, Laravel handles that level of encapsulation for you.

You want:

and assignments.driving_day 
    between STR_TO_DATE(?, '%Y-%m-%d') 
    and STR_TO_DATE(?, '%Y-%m-%d') )

You need to remove the quotes around the ?s.

@VardanNersesyan: The final part of the query also needs parameters: select * from assignments where drivers.id = assignments.driver_id and driving_day between ? and ? You need to bind them the same way you bind the other parameters.
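The unquoted placeholders from the answer, applied to the whole query with every value bound, as an added example that is not part of the original thread. It assumes a Laravel 5.7 application with the question's Driver model (the `App\Driver` namespace is an assumption) and its `$dates` array. It uses `selectRaw()`, which accepts a bindings array as its second argument, whereas `DB::raw()` takes only the expression string.

```php
<?php
// Added example. Assumes the question's Driver model, relation name and $dates array.
use App\Driver; // assumed namespace (Laravel 5.7 default model location)

$range = [$dates['from'], $dates['to']]; // e.g. ['2019-03-01', '2019-03-31']

// Fixed SQL fragment (no user input). Placeholders are bare: a quoted '?'
// is a string literal, not a parameter.
$period = "assignments.driver_id = drivers.id
    and assignments.driving_day
        between STR_TO_DATE(?, '%Y-%m-%d')
        and STR_TO_DATE(?, '%Y-%m-%d')";

$drivers = Driver::select([
        'id', 'name', 'surname', 'phone', 'driver_status',
        'updated_at', 'photo', 'salary_per_hour',
    ])
    // Each selectRaw() call registers its own two values as select bindings.
    ->selectRaw("(
        select 10 * FLOOR(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600)
            * (drivers.salary_per_hour / 3600) / 10)
        from assignments
        where $period) as salary", $range)
    ->selectRaw("(
        select SEC_TO_TIME(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600))
        from assignments
        where $period) as worked_hours", $range)
    // Relation name spelled as in the question's code.
    ->whereHas('assigments', function ($query) use ($range) {
        $query->whereBetween('driving_day', $range); // binds its own two values
    });

// Check before executing: one bound value per placeholder (4 select + 2 where).
$placeholders = substr_count($drivers->toSql(), '?');
$bound = count($drivers->getBindings());
if ($placeholders !== $bound) {
    throw new LogicException("placeholders: $placeholders, bindings: $bound");
}

$table = $drivers->paginate(15);
```

A mismatch between the two counts is the condition MySQL reports as SQLSTATE[HY093], so the check fails early with a message that names both numbers.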