Retrieving Data From One Table To Another Table With Different Columns
Trying to retrieve information from the database t_awhole and input it into a_whole. I've read up on a lot of these, but cannot find anything specific to my question.
The code stops where I have placed the comment //>>>>Stops here<<<<<. I used an echo statement to find that it does not pass this point. Finally, I am using PDO as the structure. It was originally written in mysql. I notice a colon : is used instead of a money sign $. How do I switch this to be from sql to PDO?
<?php
include('db.php');

// passkey that got from link
$pk=$_GET['pk'];
$t_awhole_conf="t_awhole";

// Retrieve data from table where row that match this passkey
$sql_conf1="SELECT * FROM $t_awhole_conf WHERE confirm_code ='$pk'";
$result_conf=mysql_query($sql_conf1) or die ('Error updating database: '.mysql_error());

// If successfully queried
if($result_conf){

    // Count how many row has this passkey
    $count=mysql_num_rows($result_conf);

    // if found this passkey in our database, retrieve data from table "t_awhole"
    if($count==1){

        $rows=mysql_fetch_array($result_conf);
        $fN = $rows['fN']; // capitalizes the first letter (6-26-14)
        $lN = $rows['lN']; // capitalizes the first letter (6-26-14)
        $aI = $rows['aI'];
        $eml = $rows['eml'];
        $pss = $rows['pss'];
        $pss2 = $rows['pss2'];

        $a_whole_conf="a_whole";

        // Insert data that retrieves from "t_awhole" into table "a_whole"
        $sql_conf2= $conn->prepare("INSERT INTO $a_whole_conf(fN, lN, aI, eml, pss, admin) VALUES ($fN, $lN, $aI, $eml, $pss, $admin)");
        //>>>>Stops here<<<<<
        $result_conf2=$sql_conf2->execute() or die ('Error updating database: '.mysql_error());
    }

    // if not found passkey, display message "Wrong Confirmation code"
    else {
        echo "Wrong Confirmation code";
    }

    // if successfully moved data from table"t_awhole" to table "a_whole" displays message "Your account has been activated" and don't forget to delete confirmation code from table "t_awhole"
    if($result_conf2){
        echo "Your account has been activated";

        // Delete information of this user from table "t_awholeb" that has this passkey
        $sql_conf3="DELETE FROM $t_awhole_conf WHERE confirm_code = '$pk'";
        $result_conf3=mysql_query($sql_conf3);
    }
}
?>
TO ANSWER THE QUESTION YOU ASKED
The colon (:) is used in SQL text to identify a placeholder for a named bind parameter within a prepared statement. That colon gets included in the SQL text, and the value for that placeholder is provided when the SQL statement is executed.
The "money sign" identifies a PHP variable; in the string context, the variable is evaluated, and the value of the variable gets incorporated into the SQL text.
The following is not an answer to the question you asked. But I think this will answer several other questions you should be asking...
The inclusion of "unsafe" values in PHP variables is where the "SQL Injection" vulnerability comes in, if we don't have any guarantee that the values of the variables don't contain some characters that will be interpreted as SQL. And that's exactly why the mysql interface includes the mysql_real_escape_string function. This is a "wrapper" that inspects values, and properly escapes values so that they will be seen as values, and not be interpreted as SQL syntax.
Q: 1. The code stops where I have placed the comment //>>>>Stops here<<<<<.
A: Cool. It's not clear how you know the code "Stops here", if you're getting some sort of error or what.
We don't see any declaration or assignment for the reference to the $admin variable. We do see that we expected column pss2 to be retrieved by the SELECT. But we don't see anything be done with that, except to assign that to a PHP variable named $pss2, and that doesn't appear to be referenced anywhere else. Curious.
Q: 2. This is an email confirmation function, so t_awhole's table structure is different than a_whole. Everything is the same but in t_awhole the first column is a confirmation code associated to that user. Once they click the link in their email, the row with that confirmation code should transfer all the data from that t_awhole into a_whole. However, it should not transfer the confirmation code, but should add a new column for the number of the row (first column) as an increment, and whether the user is an admin or not (last column). Everything else will stay as it was (fN, lN, aI, eml, pss) in between that first and last row.
A: Seems like an awkward design. It's not clear why you need to loop through all the individual rows returned by a SELECT (and your code is subject to SQL injection. Hopefully, "Little Bobby Tables" doesn't register... http://xkcd.com/327/ )
I'm not sure why you don't just run a single INSERT .. SELECT statement to "copy" the rows from one table to the other in one fell swoop, for example:
$sql = "INSERT INTO a_whole
( fN , lN, aI, eml, pss, admin)
SELECT t.fN, t.lN, t.aI, t.eml, t.pss, '' AS admin
FROM t_awhole t
WHERE t.confirm_code = '" . mysql_real_escape_string($pk) . "'";
(I don't see any declaration or assignment to $admin in the original code, so I replaced that reference with a literal string (zero length) in the example above.)
If you were going to do this with PDO, you could use a prepared statement with a bind placeholder. All of the SQL is the same, with the exception that we replace a reference to the value of the PHP $pk variable with a bind placeholder in the SQL text:
$sql = "INSERT INTO a_whole
( fN , lN, aI, eml, pss, admin)
SELECT t.fN, t.lN, t.aI, t.eml, t.pss, '' AS admin
FROM t_awhole t
WHERE t.confirm_code = :pk";
Now the SQL text is a constant string, and is not subject to SQL injection.
With PDO, you'd first call the prepare(), and then call bind_param() and execute(), e.g.
$sth = $dbh->prepare($sql);
$sth->bindParam(':pk', $pk, PDO::PARAM_INT);
$sth->execute();
BUT ... to do that, you need to have a PDO connection (referenced as $dbh above); you can't use a mysql connection with PDO.
(If you don't check the result from each call, you'd want to set the error handling on the connection to throw an error, and use a try/catch block to catch any PDOException.)
UPDATE: actually, I see that your code only copies the first row returned from the SELECT, we don't see a normal while (fetch) loop we usually see. That was my oversight there, seeing something I expected but that wasn't there. That's my bad. Still, there's no need to retrieve the values into PHP variables, if all we are going to do with them is insert them into another table. Let the database do that, without mucking up the code with a bunch of variables we don't need.
Q: 3. Finally, I am using PDO as the structure. It was originally written in mysql. I notice a colon : is used instead of a money sign $. Why is this and where would I switch the : for the $ in my code?
A: The code modified in the edit, is now calling functions both from the deprecated mysql interface; and PDO (per the references to PDO functions.)
It's not valid to mix mysql interface functions and PDO interface functions. You can't use PDO functions on a connection obtained using the mysql interface, etc.
This is likely why your code "stops here".
(I was a little confused earlier; I didn't see the PDO functions, all I saw was mysql functions. We're not used to seeing mysql and PDO functions mixed like this, mostly because we never see this because it's not valid.)
TO ANSWER THE QUESTION YOU ASKED
The colon (:) is used in SQL text to identify a placeholder for a named bind parameter within a prepared statement. That colon gets included in the SQL text, and the value for that placeholder is provided when the SQL statement is executed.
The "money sign" identifies a PHP variable; in the string context, the variable is evaluated, and the value of the variable gets incorporated into the SQL text. (This is where the "SQL Injection" vulnerability comes in... we don't have any guarantee that the value of that variable doesn't contain text that will be interpreted as SQL. And that's exactly why the mysql interface includes the mysql_real_escape_string function.)
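The PDO approach described in the answer, put together as one complete script (an added example, not code from the question or the answer). It assumes an in-memory SQLite database so it runs without a server, constructed table layouts and sample rows, a hypothetical function name activateAccount, and a confirm_code column that holds a string.

```php
<?php
// Added example: table layouts and sample rows are constructed for illustration.
function activateAccount(PDO $dbh, string $pk): bool
{
    $dbh->beginTransaction();
    try {
        // Constant SQL text; :pk is a named placeholder, never concatenated.
        $copy = $dbh->prepare(
            "INSERT INTO a_whole (fN, lN, aI, eml, pss, admin)
             SELECT t.fN, t.lN, t.aI, t.eml, t.pss, '' AS admin
               FROM t_awhole t
              WHERE t.confirm_code = :pk"
        );
        $copy->bindValue(':pk', $pk, PDO::PARAM_STR); // string type is an assumption
        $copy->execute();
        if ($copy->rowCount() !== 1) {   // unknown or duplicated code: activate nothing
            $dbh->rollBack();
            return false;
        }
        // Remove the pending row in the same transaction as the copy.
        $del = $dbh->prepare("DELETE FROM t_awhole WHERE confirm_code = :pk");
        $del->execute([':pk' => $pk]);
        $dbh->commit();
        return true;
    } catch (PDOException $e) {
        $dbh->rollBack();                // leave both tables untouched on error
        throw $e;
    }
}

// A PDO connection is required; a mysql_* connection cannot be reused here.
// In-memory SQLite (assumption) so the script runs offline; use a mysql: DSN in production.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw PDOException
$dbh->exec("CREATE TABLE t_awhole (confirm_code TEXT, fN TEXT, lN TEXT, aI TEXT, eml TEXT, pss TEXT, pss2 TEXT)");
$dbh->exec("CREATE TABLE a_whole (id INTEGER PRIMARY KEY AUTOINCREMENT, fN TEXT, lN TEXT, aI TEXT, eml TEXT, pss TEXT, admin TEXT)");
$dbh->exec("INSERT INTO t_awhole VALUES ('abc123', 'Ann', 'Lee', 'a1', 'ann@example.com', 'hash', 'hash')");

var_dump(activateAccount($dbh, "x' OR '1'='1")); // quote characters are bound as data
var_dump(activateAccount($dbh, 'abc123'));       // known code: row copied, pending row deleted
var_dump(activateAccount($dbh, 'abc123'));       // same code again: already consumed
```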