使用括号的MySQL更新语法
[英]MySQL Update Syntax Using Parentheses
问题描述
In the following code $keyresult and $valueresult are comma separated lists of columns in my db and the values I want to put into them in the identified row. 
在下面的代码中,$ keyresult和$ valueresult是数据库中列的逗号分隔列表,以及要在标识的行中放入它们的值。 The problem is, the code isn't doing what I hoped it would and is returning a syntax error in the query. 问题是,代码没有按照我希望的那样做,并且在查询中返回了语法错误。
$q3 = "UPDATE post SET ($keyresult) VALUES ('$valueresult') WHERE user_id='$user_id' AND post_id='$post_id' AND post_status='active'";
How can I fix the syntax of this? 如何解决此语法?
1 个解决方案
解决方案1
2 已采纳 2014-06-17 19:37:46
You are mixing INSERT and UPDATE syntax. 您正在混合使用INSERT和UPDATE语法。
$q3 = "UPDATE `post` SET `$keyresult` = '$valueresult'
WHERE user_id='$user_id' AND post_id='$post_id' AND post_status='active'";
I am assuming you are properly escaping $valueresult , $user_id , and $post_id before you are executing your query. 我假设您在执行查询之前已经正确地转义了$valueresult , $user_id和$post_id 。 If not, and these are user-supplied values, you are wide open to SQL injections . 如果不是,并且这些是用户提供的值,则对SQL注入持开放态度 。 I recommend looking into prepared statements to eliminate this risk. 我建议研究准备好的语句以消除这种风险。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.