oci按名称绑定到PHP/oci/Oracle
我有以下资料:oci按名称绑定到PHP/oci/Oracle,php,oracle,oracle-call-interface,ora-01858,Php,Oracle,Oracle Call Interface,Ora 01858,我有以下资料: $ARTIFACT_NAME = $_POST['ArtifactName']; $ARTIFACT_TYPE = $_POST['ArtifactType']; $ARTIFACT_LOCATION = $_POST['ArtifactLocation']; $ARTIFACT_DOMAIN = $_POST['ArtifactDomain']; $ARTIFACT_AUTHOR = $_POST['ArtifactAuthor'];
$ARTIFACT_NAME = $_POST['ArtifactName'];
$ARTIFACT_TYPE = $_POST['ArtifactType'];
$ARTIFACT_LOCATION = $_POST['ArtifactLocation'];
$ARTIFACT_DOMAIN = $_POST['ArtifactDomain'];
$ARTIFACT_AUTHOR = $_POST['ArtifactAuthor'];
$ARTIFACT_LABEL = 'DB_'.$ARTIFACT_LOCATION.'_'.$ARTIFACT_DOMAIN.'_'.$ARTIFACT_NAME;
$AUDIT_CONSTRAINTS = $_POST['AuditConstraints'];
$SECURITY_CONSTRAINTS = $_POST['SecurityConstraints'];
$REGISTERED_EMAIL = $_SERVER['HTTP_REMOTE_USER'];
$REGISTERED_TIMESTAMP = "to_date('15-08-2011 14:32:37', 'DD-MM-YYYY HH24:MI:SS')";
$query = "INSERT INTO ".$db_schema.".ARTIFACTS (ARTIFACT_ID, ARTIFACT_NAME, ARTIFACT_TYPE, ARTIFACT_LOCATION, ARTIFACT_DOMAIN, ARTIFACT_AUTHOR, ARTIFACT_LABEL, AUDIT_CONSTRAINTS, SECURITY_CONSTRAINTS, REGISTERED_EMAIL, REGISTERED_TIMESTAMP)
VALUES (:bind1, :bind2, :bind3, :bind4, :bind5, :bind6, :bind7, :bind8, :bind9, :bind10, :bind11)";
$statement = oci_parse($connection, $query);
oci_bind_by_name($statement, ":bind1", $ARTIFACT_ID);
oci_bind_by_name($statement, ":bind2", $ARTIFACT_NAME);
oci_bind_by_name($statement, ":bind3", $ARTIFACT_TYPE);
oci_bind_by_name($statement, ":bind4", $ARTIFACT_LOCATION);
oci_bind_by_name($statement, ":bind5", $ARTIFACT_DOMAIN);
oci_bind_by_name($statement, ":bind6", $ARTIFACT_AUTHOR);
oci_bind_by_name($statement, ":bind7", $ARTIFACT_LABEL);
oci_bind_by_name($statement, ":bind8", $AUDIT_CONSTRAINTS);
oci_bind_by_name($statement, ":bind9", $SECURITY_CONSTRAINTS);
oci_bind_by_name($statement, ":bind10", $REGISTERED_EMAIL);
oci_bind_by_name($statement, ":bind11", $REGISTERED_TIMESTAMP);
这会产生以下错误:
ORA-01858: a non-numeric character was found where a numeric was expected
但是,如果我不绑定$REGISTERED\u TIMESTAMP
并将to\u date
直接插入$query
中,它就可以正常工作
怎么回事?!这让我发疯了 您正在使用带有绑定参数的Oracle语句。这很好,因为它可以防止在SQL语句中插入危险代码时进行SQL注入。但是,在这种情况下,它会阻止执行
TO_CHAR
函数。相反,它试图将整个字符串转换为时间戳,这当然不起作用
解决方案相当简单:将to_CHAR
函数从绑定参数直接移到语句中:
$REGISTERED_TIMESTAMP = "15-08-2011 14:32:37";
$query = "INSERT INTO ".$db_schema.".ARTIFACTS (ARTIFACT_ID, ARTIFACT_NAME, ARTIFACT_TYPE, ARTIFACT_LOCATION, ARTIFACT_DOMAIN, ARTIFACT_AUTHOR, ARTIFACT_LABEL, AUDIT_CONSTRAINTS, SECURITY_CONSTRAINTS, REGISTERED_EMAIL, REGISTERED_TIMESTAMP)
VALUES (:bind1, :bind2, :bind3, :bind4, :bind5, :bind6, :bind7, :bind8,
:bind9, :bind10, to_date(:bind11, 'DD-MM-YYYY HH24:MI:SS'))";
节省了可能的挫折时间。谢谢你,伙计。:)