我很难绑定我的 SQL 查询,而且我只剩下几个脑细胞了。
基本上,此代码有效但容易受到 SQL 注入:
return DB::connection('sqlsrv_rfo_user')
->table('dbo.tbl_rfaccount')
->insert([
'Email' => $email,
'id' => DB::raw("CONVERT(binary, '$username')"),
'password' => DB::raw("CONVERT(binary, '$password')"),
'birthdate' => $birthday,
'accounttype' => 0,
'BCodeTU' => 1
]);
我想弄清楚如何绑定这些代码行:
'id' => DB::raw("CONVERT(binary, '$username')"),
'password' => DB::raw("CONVERT(binary, '$password')"),
我确实尝试过:
'id' => DB::raw("CONVERT(binary, ?)", [$username]),
'password' => DB::raw("CONVERT(binary, ?)", [$password]),
并收到此错误:
SQLSTATE[07002]: [Microsoft][ODBC Driver 13 for SQL Server]COUNT field incorrect or syntax error (SQL: insert into [dbo].[tbl_rfaccount] ([Email], [id], [password], [birthdate], [accounttype], [BCodeTU]) values (user@example.com, CONVERT(binary, 2011-11-11 00:00:00), CONVERT(binary, …