Question

我测试了两种类型 1）

 DB::statement('call abc_cmw("$ipaddress","$cname","$recvd_date","$language","$address1","$address2","$address3","$pincode","$mobileno","$amobileno","$email_address","$idproofdetail","$Description","$remedies","$gretype","$fcount","$content1","$content2","$district_problem","$city_problem", "$block_problem","$village_problem","$username","$sugg_demand","$dept_name","$indiv_grp","$ac_problem")');

2）

DB::select('exec abc_cmw("$ipaddress","$cname","$recvd_date","$language","$address1","$address2","$address3","$pincode","$mobileno","$amobileno","$email_address","$idproofdetail","$Description","$remedies","$gretype","$fcount","$content1","$content2","$district_problem","$city_problem", "$block_problem","$village_problem","$username","$sugg_demand","$dept_name","$indiv_grp","$ac_problem")');

但两种方式都有相同的错误

Connection.php第647行中的QueryException：SQLSTATE [42601]：语法错误：7错误：语法错误在或附近＆＃34; call＆＃34;第1行：打电话 abc_cmw（＆＃34; $ ipaddress＆＃34;，＆＃34; $ cname＆＃34;，＆＃34; $ re ... ^（SQL：呼叫 abc_cmw（＆＃34; $ IPADDRESS＆＃34;＆＃34; $ CNAME＆＃34;＆＃34; $ recvd_date＆＃34;＆＃34; $语言＆＃34;＆＃34; $地址1＆＃34 ;，＆＃34; $ 1地址＆＃34;＆＃34; $地址3＆＃34;＆＃34; $ pin码＆＃34;＆＃34; $ mobileno＆＃34;＆＃34; $ amobileno＆＃34 ;，＆＃34; $ EMAIL_ADDRESS＆＃34;＆＃34; $ idproofdetail＆＃34;＆＃34; $说明＆＃34;＆＃34; $补救＆＃34;＆＃34; $ gretype＆＃34 ;，＆＃34; $ FCOUNT＆＃34;＆＃34; $内容1＆＃34;＆＃34; $内容2＆＃34;＆＃34; $ district_problem＆＃34;＆＃34; $ city_problem＆＃34 ;，＆＃34; $ block_problem＆＃34;＆＃34; $ village_problem＆＃34;＆＃34; $用户名＆＃34;＆＃34; $ sugg_demand＆＃34;＆＃34; $ DEPT_NAME＆＃34 ;, ＆＃34; $ indiv_grp＆＃34;＆＃34; $ ac_problem＆＃34））

Answer 1

在PostgreSQL函数中使用SELECT子句调用，例如：SELECT func()

由于SQL注入的可能性，您应该避免直接插入SQL参数。改为使用绑定：

DB::statement('SELECT abc_cmw(?, ?, ?)', [$param1, $param2, $param3]);

或

DB::statement('SELECT abc_cmw(:param1, :param2, :param3)', [
  'param1' => $param1, 
  'param2' => $param2, 
  'param3' => $param3
]);

如何在laravel 5中调用postgresql存储过程

1 个答案: