$pois = Home::select(\DB::raw('*, st_distance_sphere(homes.geopoint, point(?, ?)) as dist'))
->whereRaw('st_within(homes.geopoint, ST_Buffer(point(?, ?), 1))')
->orderBy('dist')
->get();
返回Laravel - SQLSTATE[HY000]: General error: 2031,但是下面的查询有效
$pois = Home::selectRaw('*, st_distance_sphere(homes.geopoint, point('.$data["lng"].', '.$data["lat"].')) as dist')
->whereRaw('st_within(homes.geopoint, ST_Buffer(point('.$data['lng'].', '.$data['lat'].'), 1))')
->orderBy('dist')
->get();
,但是它容易受到SQLInjection的攻击。我已经完成了stackoverflow中提到的建议。 PDO error: General error: 2031 [duplicate]
答案 0 :(得分:0)
selectRaw和whereRaw允许您使用占位符并传递值数组作为第二个参数:
selectRaw('*, st_distance_sphere(homes.geopoint, point(?, ?)) as dist', [$data['lng'], $data['lat']])