将字母数字值插入varchar类型列
[英]Insert alphanumeric value into varchar type column
问题描述
Hi i am trying to insert a alphanumeric value 46e0d48d-bca1-11e7-991f-2c27d70ced1d into an varchar type column in a table. 
嗨,我正在尝试将字母数字值46e0d48d-bca1-11e7-991f-2c27d70ced1d插入表中的varchar类型列。 I am inserting through a variable but getting 1604 error that is syntax is not right. 我正在通过变量插入,但语法错误1604,这是不正确的。 Here is the code 这是代码
SET @sql = CONCAT('insert into ', @user_table_name, '
(user, user2, message, mesg_type, date_time, mesg_read_status)
values (',@user_id,',',@user2_id,',',@message,',',@mesg_type,',',@date_time,',',@read_status,')'
);
select @sql;
PREPARE stmt FROM @sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
For user column i am passing the alphanumeric value 46e0d48d-bca1-11e7-991f-2c27d70ced1d . 对于user列,我正在传递字母数字值46e0d48d-bca1-11e7-991f-2c27d70ced1d 。
2 个解决方案
解决方案1
0 已采纳 2017-10-29 13:50:09
Learn to use parameters: 学习使用参数:
SET @sql = CONCAT('
insert into ', @user_table_name, ' (user, user2, message, mesg_type, date_time, mesg_read_status)
values (?, ?, ?, ?, ?, ?)
');
PREPARE stmt FROM @sql;
EXECUTE stmt USING @user_id, @user2_id, @message, @mesg_type, @date_time, @read_status;
DEALLOCATE PREPARE stmt;
Don't munge query strings with parameter values. 不要用参数值来修饰查询字符串。 That makes the code harder to debug, prone to errors, more difficult to read, and opens another line of attack for SQL injection. 这使得代码更难调试,容易出错,更难阅读,并且为SQL注入打开了另一道攻击线。
解决方案2
0 2017-10-29 13:51:05
SET @sql = CONCAT('insert into ', @user_table_name, '
(user, user2, message, mesg_type, date_time, mesg_read_status)
values (\'',@user_id,'\',',@user2_id,',',@message,',',@mesg_type,',',@date_time,',',@read_status,')'
);
select @sql;
PREPARE stmt FROM @sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
This statement should work. 此语句应该起作用。 Give it a try 试试看
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.