堆栈内存溢出
  简体   繁体   English

为什么这个MySQL查询无法从PHP工作

[英]why this mysql query doesnt work from php

 原文  2014-04-23 21:08:41       php/ mysql/ syntax/ mysqli/ phpmyadmin

问题描述

PHP code from registration procedure: 来自注册程序的PHP代码: 

    $query="INSERT INTO `users`(`email`, `password`, `role`, `time_registration`) 
        VALUES ('".mysqli_real_escape_string($con, trim($_SESSION['reg']['email']))."',
                '".hash('SHA512',trim($_POST['password']))."',
                '".mysqli_real_escape_string($con, trim($_SESSION['rola']))."',
                NOW())";

    if(!mysqli_query($con, $query)){
        error(".....");
    }else{

Here is all good. 这一切都很好。 First query is executed and data is stored to table "users". 执行第一个查询,并将数据存储到表“用户”。 But here comes problem. 但是这里出了问题。 Next php code generate new mysql query, which is never executed. 接下来的php代码生成新的mysql查询,该查询永远不会执行。 But when I copy it to PHPmyAdmin, there it works... 但是,当我将其复制到PHPmyAdmin时,它可以正常工作... 

        $last_id=$con->insert_id;
        $query='';
        foreach($_SESSION['reg'] as $key=>$value){
            if($value!=''){
                $query.=" INSERT INTO user_detail (id_user,id_item,value) VALUES ('".$last_id."', (SELECT id_item FROM profil_items WHERE name='".$key."'), '".mysqli_real_escape_string($con, $value)."');";
            }   
        }

        if(!mysqli_query($con, $query)){
            echo $query; 
        }else{
            header('Location: ...somewhere....');
        }           
    }

Mysqli error message: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO user_detail (id_user,id_item,value) VALUES ('14', (SELECT id_po' at line 1". Mysqli错误消息:“您的SQL语法有错误;请查看与您的MySQL服务器版本相对应的手册,以获取在'INSERT INTO user_detail(id_user,id_item,value)VALUES('14',(SELECT id_po'在第1行”。

I dont understand. 我不明白。 If there is an error in syntax, how can by executed without errors in PHPmyAdmin? 如果语法有错误,如何在PHPmyAdmin中正确执行?

1 个解决方案

解决方案1
 0 已采纳  2014-04-23 21:59:28

There is never any reason to use mysqli_multi_query() . 从来没有任何理由使用mysqli_multi_query() Starting a habit of using multi-query opens yourself up to new types of SQL injection vulnerabilities . 开始养成使用多查询的习惯,这会使您面临新的SQL注入漏洞类型

You should either execute each INSERT individually, with mysqli_query() inside the foreach loop. 您应该在foreach循环中使用mysqli_query()单独执行每个INSERT。

Or else append multiple rows into one multi-row INSERT statement and execute it after the loop. 否则,将多行追加到一个多行INSERT语句中,并在循环后执行它。

In this case, no (though you should use bound parameters instead of mysqli_real_escape_string() ), but I think once you start using mysqli_multi_query() you may use it elsewhere in an unsafe manner. 在这种情况下,没有(尽管您应该使用绑定参数而不是mysqli_real_escape_string() ),但是我认为一旦开始使用mysqli_multi_query()您可能会以不安全的方式在其他地方使用它。 Better to never use it. 最好不要使用它。

You can execute a single INSERT by using multi-row syntax. 您可以使用多行语法执行单个INSERT。 But I wouldn't worry about the overhead of executing multiple statements, until you are doing it in such high volume that you can measure a significant performance problem. 但是,我不必担心执行多个语句的开销,除非您执行的语句量如此之大,以至于您可以衡量一个重大的性能问题。 Don't worry about micro-optimizations. 不用担心微优化。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 mysql查询无法通过php工作 由phpmyadmin工作 - mysql query doesnt work by php | work by phpmyadmin 为什么这个复杂的MySQL查询不起作用? - Why doesnt this complex MySQL query work? 为什么此查询在mysql中有效但在PHP中不起作用 - Why this query work in mysql but not from PHP 为什么我的 SQL 查询在 PHP 中不起作用? - Why my SQL query doesnt work in PHP? PHP Mysql插入查询在条件或直接下不起作用 - Php Mysql insert query doesnt work under if condition or direct PHP我不知道为什么这个数学查询不起作用 - PHP i have no idea why this math query doesnt work 有什么原因,为什么我的PHP脚本中的查询不起作用? - Is there any reason, why the query in my php script doesnt work? PHP的MySQL限制不起作用 - php mysql limit doesnt work 为什么这个PHP MySQL查询不起作用? - Why won't this PHP MySQL query work? 为什么此 MySQL 查询在 PHP 代码中不起作用? - Why does this MySQL query not work in PHP code?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM