使用PDO进行插入和the_geom [英] Using PDO for an insert and the_geom

问题描述

我正在将代码切换到PDO，以提高安全性.我的插入将起作用，直到添加创建空间数据的特殊列为止.请参阅以下有关有效的标准插入内容，有关无效内容的信息，请参见以下第二页.

I'm switching my code to PDO for increased security. My insert works until I add a special column that create spatial data. See below for the standard insert that works, and 2nd below for what is not working.

$sql = "INSERT INTO sites_tbl (sitename, the_geom) VALUES ('$_POST[sitename]', st_geomfromtext('POINT($geomstring)',27700))";

geomstring =格式化为000000 000000的数字

The geomstring = a number formatted 000000 000000

使用PDO时，如果我只想插入站点名称，而不是在执行the_geom时，则使用相同的插入类似(如下)的效果.值325123 215432最终将是一个变量，但现在我正在测试列出.

Using PDO the same insert looks something like (below) this works if I just want to insert the sitename, but not when I do the_geom. The value 325123 215432 will eventually be a variable, but for now I'm testing list this.

  $stmt5 = $conn ->prepare(
"INSERT INTO sites_tbl (sitename, river_id, group_id, accepted_site, the_geom, bmwp_threshold) VALUES (?, ?, ?, ?, ?, ?)");

$stmt5->bindParam(1, $sitename);
$stmt5->bindParam(2, $river_id);
$stmt5->bindParam(3, $group_id);
$stmt5->bindParam(4, $accepted_site);
$stmt5->bindParam(5, $geomstring3);
$stmt5->bindParam(6, $bmwp_threshold);

$geomstring2 = "'POINT(635230 352120)'";
$geomstring3 = st_geomfromtext($geomstring2, 27700);

推荐答案

您不能
绑定
任意
SQL部分
使用
已准备
声明

you cannot
bind
an arbitrary
SQL part
using
prepared
statement

但字符串
或数字
文字
只要.

but string
or numeric
literal
only.

$geomstring4 = "'POINT(325123 215432)'";

$stmt5 = $conn ->prepare(
   "INSERT INTO sites_tbl (sitename, the_geom) VALUES (?, st_geomfromtext(?,27700)))");
$stmt5->bindParam(1, $sitename);

$stmt5->bindParam(2, $geomstring4);

这篇关于使用PDO进行插入和the_geom的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！