Fatal编程技术网
  • php/
  • oci按名称绑定到PHP/oci/Oracle

oci按名称绑定到PHP/oci/Oracle

php oracle

oci按名称绑定到PHP/oci/Oracle,php,oracle,oracle-call-interface,ora-01858,Php,Oracle,Oracle Call Interface,Ora 01858,我有以下资料: $ARTIFACT_NAME = $_POST['ArtifactName']; $ARTIFACT_TYPE = $_POST['ArtifactType']; $ARTIFACT_LOCATION = $_POST['ArtifactLocation']; $ARTIFACT_DOMAIN = $_POST['ArtifactDomain']; $ARTIFACT_AUTHOR = $_POST['ArtifactAuthor'];

我有以下资料:

    $ARTIFACT_NAME = $_POST['ArtifactName'];
    $ARTIFACT_TYPE = $_POST['ArtifactType'];
    $ARTIFACT_LOCATION = $_POST['ArtifactLocation'];
    $ARTIFACT_DOMAIN = $_POST['ArtifactDomain'];
    $ARTIFACT_AUTHOR = $_POST['ArtifactAuthor'];
    $ARTIFACT_LABEL = 'DB_'.$ARTIFACT_LOCATION.'_'.$ARTIFACT_DOMAIN.'_'.$ARTIFACT_NAME;
    $AUDIT_CONSTRAINTS = $_POST['AuditConstraints'];
    $SECURITY_CONSTRAINTS = $_POST['SecurityConstraints'];
    $REGISTERED_EMAIL = $_SERVER['HTTP_REMOTE_USER'];
    $REGISTERED_TIMESTAMP = "to_date('15-08-2011 14:32:37', 'DD-MM-YYYY HH24:MI:SS')";

    $query =    "INSERT INTO ".$db_schema.".ARTIFACTS (ARTIFACT_ID, ARTIFACT_NAME, ARTIFACT_TYPE, ARTIFACT_LOCATION, ARTIFACT_DOMAIN, ARTIFACT_AUTHOR, ARTIFACT_LABEL, AUDIT_CONSTRAINTS, SECURITY_CONSTRAINTS, REGISTERED_EMAIL, REGISTERED_TIMESTAMP)
                VALUES (:bind1, :bind2, :bind3, :bind4, :bind5, :bind6, :bind7, :bind8, :bind9, :bind10, :bind11)";
    $statement = oci_parse($connection, $query);

    oci_bind_by_name($statement, ":bind1", $ARTIFACT_ID);
    oci_bind_by_name($statement, ":bind2", $ARTIFACT_NAME);
    oci_bind_by_name($statement, ":bind3", $ARTIFACT_TYPE);
    oci_bind_by_name($statement, ":bind4", $ARTIFACT_LOCATION);
    oci_bind_by_name($statement, ":bind5", $ARTIFACT_DOMAIN);
    oci_bind_by_name($statement, ":bind6", $ARTIFACT_AUTHOR);
    oci_bind_by_name($statement, ":bind7", $ARTIFACT_LABEL);
    oci_bind_by_name($statement, ":bind8", $AUDIT_CONSTRAINTS);
    oci_bind_by_name($statement, ":bind9", $SECURITY_CONSTRAINTS);
    oci_bind_by_name($statement, ":bind10", $REGISTERED_EMAIL);
    oci_bind_by_name($statement, ":bind11", $REGISTERED_TIMESTAMP);
这会产生以下错误:

ORA-01858: a non-numeric character was found where a numeric was expected
但是,如果我不绑定
$REGISTERED\u TIMESTAMP
并将
to\u date
直接插入
$query
中,它就可以正常工作

怎么回事?!这让我发疯了

您正在使用带有绑定参数的Oracle语句。这很好,因为它可以防止在SQL语句中插入危险代码时进行SQL注入。但是,在这种情况下,它会阻止执行
TO_CHAR
函数。相反,它试图将整个字符串转换为时间戳,这当然不起作用

解决方案相当简单:将
to_CHAR
函数从绑定参数直接移到语句中:

$REGISTERED_TIMESTAMP = "15-08-2011 14:32:37";

$query =    "INSERT INTO ".$db_schema.".ARTIFACTS (ARTIFACT_ID, ARTIFACT_NAME, ARTIFACT_TYPE, ARTIFACT_LOCATION, ARTIFACT_DOMAIN, ARTIFACT_AUTHOR, ARTIFACT_LABEL, AUDIT_CONSTRAINTS, SECURITY_CONSTRAINTS, REGISTERED_EMAIL, REGISTERED_TIMESTAMP)
            VALUES (:bind1, :bind2, :bind3, :bind4, :bind5, :bind6, :bind7, :bind8,
               :bind9, :bind10, to_date(:bind11, 'DD-MM-YYYY HH24:MI:SS'))";
节省了可能的挫折时间。谢谢你,伙计。:)