堆栈内存溢出
  简体   繁体   English

如何更正此MySql查询?

[英]How do i correct this MySql query?

 原文  2017-08-22 21:11:07       php/ mysql

问题描述

I have a query that I am trying to update a MySQL table with 我有一个查询,我正在尝试更新一个MySQL表 

UPDATE `" . TABLE_PREFIX . "TABLE` SET FIELD = CONCAT(FIELD, " . $MyString . ")

$MyString would contain a useragent like MOZILLA/5.0 (COMPATIBLE; SEMRUSHBOT/1.2~BL; +HTTP://WWW.SEMRUSH.COM/BOT.HTML but I am getting a syntax error? The field is set up as TEXT NULL and default is NULL . $MyString将包含像MOZILLA/5.0 (COMPATIBLE; SEMRUSHBOT/1.2~BL; +HTTP://WWW.SEMRUSH.COM/BOT.HTML这样的用户代理,但是我收到语法错误?该字段设置为TEXT NULL和默认值为NULL

Any help appreciated. 任何帮助表示赞赏。

For clarity all I am trying to do is add text to a text field in the database, the text IS exactly like the useragent above! 为了清楚起见,我要做的就是将文本添加到数据库的文本字段中,该文本与上面的useragent完全一样!

Kind regards, Simon 亲切的问候,西蒙

3 个解决方案

解决方案1
 2  2017-08-22 21:33:53

String delimiters in sql are ', I assume that your query in the question is some kind of mix between php and sql. sql中的字符串定界符是',我假设您在问题中的查询是php和sql之间的某种混合。 I would suggest that you start by getting the sql correct first, and after that incorporate it into php. 我建议您先从正确获取sql开始,然后再将其合并到php中。 Your query probably should look something like: 您的查询可能看起来应该像这样: 

UPDATE ST_uAgent 
    SET agent = CONCAT(agent, 'MOZILLA/5.0 (COMPATIBLE; DOTBOT/1.1; HTTP://WWW.OPENSITEEXPLORER.ORG/DOTBOT, HELP@MOZ.COM)');

解决方案2
 0 已采纳  2017-08-22 21:35:01

You need to put ' quotes ' around your string. 您需要在字符串两边加上'引号' 

"UPDATE `" . TABLE_PREFIX . "TABLE` SET FIELD = CONCAT(FIELD, '". $MyString ."')"

Without this MySQL doesn't know how to interpret the data you are passing it. 没有这个MySQL,将不知道如何解释您传递的数据。

That said, what you are attempting here is extremely risky and leaves you wide open to SQL injection. 就是说,您在这里所做的尝试极具风险,并且使您很容易接受SQL注入。

Consider using parameterisation / prepared statements as provided by mysqli or PDO instead - see here: How can I prevent SQL injection in PHP? 考虑使用mysqli或PDO提供的参数化/预处理语句-参见此处: 如何防止PHP中的SQL注入?

解决方案3
 0  2017-08-22 22:14:06

I guess the problem is the delimiter ´. 我想问题是分隔符´。 Eliminate the delimiter: 消除定界符: 

("UPDATE ". TABLE_PREFIX ." TABLE SET FIELD = CONCAT(FIELD, '". $MyString ."')");

It's just a guess. 只是个猜测而已。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Mysql Codeigniter Active Record - 如何进行where_in查询并返回正确的结果顺序? - Mysql Codeigniter Active Record - How do I do a where_in query and return the correct order of results? 使用Join且2个表的字段名称相同时,如何在MYSQL查询中查明正确的结果? - How do I pinpoint correct result in MYSQL Query when using Join and the 2 tables have field with same name? MySQL查询,如何查询? - MySQL query, how do I query this? 如何使用查询更正 MySQL 列中的拼写错误? - How can I correct spelling errors in MySQL column using a query? 如何更正php mysql查询 - How to correct php mysql query 如何显示来自MySQL的正确数据? - How do I display correct data from mySQL? 如何使用数组查询mysql数据 - How do I query mysql data with array 我应该如何在mysql中执行此查询 - how should i do this query in mysql 如何限制此MySQL查询的结果? - How do I limit the results of this MySQL Query? 如何在 for 循环中避免 mysql 查询 - How do I avoid mysql query in for loop
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM