Mysql Laravel DB::原始绑定参数
我在尝试将数据绑定到查询时遇到问题。 我正在使用php框架Laravel5.7版本 尝试以这种方式绑定数据:Mysql Laravel DB::原始绑定参数,mysql,sql,laravel,laravel-5,eloquent,Mysql,Sql,Laravel,Laravel 5,Eloquent,我在尝试将数据绑定到查询时遇到问题。 我正在使用php框架Laravel5.7版本 尝试以这种方式绑定数据: DB::raw("( select 10 * FLOOR(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 ) * (drivers.salary_per_hour / 3600) / 10) from assignments
DB::raw("(
select
10 * FLOOR(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 )
* (drivers.salary_per_hour / 3600) / 10)
from assignments
where
assignments.driver_id = drivers.id
and assignments.driving_day
between STR_TO_DATE('?', '%Y-%m-%d')
and STR_TO_DATE('?', '%Y-%m-%d') )
as salary",[
$dates['from'],
$dates['to']
])
并接收null作为结果
$dates数组值:
['from' => '2019-03-01', 'to' => '2019-03-31']
但是如果我这样做,它工作得很好,但是有SQL注入,我认为如果我绑定数据会更好
$drivers = Driver::select([
'id', 'name', 'surname', 'phone', 'driver_status','driver_status', 'updated_at', 'updated_at', 'photo',
'salary_per_hour',
DB::raw("(
select 10 * FLOOR(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 ) * (drivers.salary_per_hour / 3600) / 10)
from assignments
where assignments.driver_id = drivers.id
and assignments.driving_day between STR_TO_DATE('".$dates['from']."', '%Y-%m-%d') and STR_TO_DATE('".$dates['to']."', '%Y-%m-%d') ) as salary"),
DB::raw("(
select SEC_TO_TIME(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 ))
from assignments
where assignments.driver_id = drivers.id
and assignments.driving_day between STR_TO_DATE('".$dates['from']."', '%Y-%m-%d') and STR_TO_DATE('".$dates['to']."', '%Y-%m-%d') ) as worked_hours"),
])->whereHas('assigments', function ($query) use ($dates) {
$query->whereBetween('driving_day', [$dates['from'], $dates['to']]);
});
$table = $drivers->paginate(15);
我的数据绑定有什么问题
===
我试过这样做
and assignments.driving_day
between STR_TO_DATE(?, '%Y-%m-%d')
and STR_TO_DATE(?, '%Y-%m-%d') )
并得到错误:
QLSTATE[HY093]: Invalid parameter number (SQL: select `id`, `name`, `surname`, `phone`, `driver_status`, `driver_status`, `updated_at`, `updated_at`, `photo`, ▶
select 10 * FLOOR(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 ) * (drivers.salary_per_hour / 3600) / 10)
from assignments
where assignments.driver_id = drivers.id
and assignments.driving_day between STR_TO_DATE('2019-03-07', '%Y-%m-%d') and STR_TO_DATE('2019-03-31', '%Y-%m-%d') ) as salary, (
select SEC_TO_TIME(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 ))
from assignments
where assignments.driver_id = drivers.id
and assignments.driving_day between STR_TO_DATE('2019-03-07', '%Y-%m-%d') and STR_TO_DATE('2019-03-31', '%Y-%m-%d') ) as worked_hours, (
select 10 * FLOOR(SUM(TIME_TO_SEC(TIMEDIFF(end_time, start_time)) - 3600 ) * (drivers.salary_per_hour / 3600) / 10)
from assignments
where assignments.driver_id = drivers.id
and assignments.driving_day between STR_TO_DATE(2019-03-07, '%Y-%m-%d') and STR_TO_DATE(2019-03-31, '%Y-%m-%d') ) as test from `drivers` where exists (select * from `assignments` where `drivers`.`id` = `assignments`.`driver_id` and `driving_day` between ? and ?) limit 15 offset 0)
在您的查询中:
and assignments.driving_day
between STR_TO_DATE('?', '%Y-%m-%d')
and STR_TO_DATE('?', '%Y-%m-%d') )
不应引用绑定参数“?”。与其他数据库接口一样,Lavarel为您处理该级别的封装
你想要:
and assignments.driving_day
between STR_TO_DATE(?, '%Y-%m-%d')
and STR_TO_DATE(?, '%Y-%m-%d') )
在您的查询中:
and assignments.driving_day
between STR_TO_DATE('?', '%Y-%m-%d')
and STR_TO_DATE('?', '%Y-%m-%d') )
不应引用绑定参数“?”。与其他数据库接口一样,Lavarel为您处理该级别的封装
你想要:
and assignments.driving_day
between STR_TO_DATE(?, '%Y-%m-%d')
and STR_TO_DATE(?, '%Y-%m-%d') )
您需要删除?s周围的引号。您需要删除?s周围的引号。@VardanNersesyan:查询的最后一部分还需要参数:select*from assignments where drivers.id=assignments.driver\u id和driving\u day?和您需要以绑定其他参数的方式绑定它们。@VardanNersesyan:查询的最后一部分还需要参数:select*from assignments,其中drivers.id=assignments.driver\u id和driving\u day介于两者之间?和您需要像绑定其他参数一样绑定它们。