[英]Insert alphanumeric value into varchar type column
Hi i am trying to insert a alphanumeric value 46e0d48d-bca1-11e7-991f-2c27d70ced1d
into an varchar type column in a table. 嗨,我正在尝试将字母数字值
46e0d48d-bca1-11e7-991f-2c27d70ced1d
插入表中的varchar类型列。 I am inserting through a variable but getting 1604 error that is syntax is not right. 我正在通过变量插入,但语法错误1604,这是不正确的。 Here is the code
这是代码
SET @sql = CONCAT('insert into ', @user_table_name, '
(user, user2, message, mesg_type, date_time, mesg_read_status)
values (',@user_id,',',@user2_id,',',@message,',',@mesg_type,',',@date_time,',',@read_status,')'
);
select @sql;
PREPARE stmt FROM @sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
For user
column i am passing the alphanumeric value 46e0d48d-bca1-11e7-991f-2c27d70ced1d
. 对于
user
列,我正在传递字母数字值46e0d48d-bca1-11e7-991f-2c27d70ced1d
。
Learn to use parameters: 学习使用参数:
SET @sql = CONCAT('
insert into ', @user_table_name, ' (user, user2, message, mesg_type, date_time, mesg_read_status)
values (?, ?, ?, ?, ?, ?)
');
PREPARE stmt FROM @sql;
EXECUTE stmt USING @user_id, @user2_id, @message, @mesg_type, @date_time, @read_status;
DEALLOCATE PREPARE stmt;
Don't munge query strings with parameter values. 不要用参数值来修饰查询字符串。 That makes the code harder to debug, prone to errors, more difficult to read, and opens another line of attack for SQL injection.
这使得代码更难调试,容易出错,更难阅读,并且为SQL注入打开了另一道攻击线。
SET @sql = CONCAT('insert into ', @user_table_name, '
(user, user2, message, mesg_type, date_time, mesg_read_status)
values (\'',@user_id,'\',',@user2_id,',',@message,',',@mesg_type,',',@date_time,',',@read_status,')'
);
select @sql;
PREPARE stmt FROM @sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
This statement should work. 此语句应该起作用。 Give it a try
试试看
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.