Best way to write a concatenating PHP MS SQL Query and put it into a loop
So normally I would write queries and loops as follows:
$result = mssql_query("SELECT Element FROM Table WHERE Type='Type'");
while ($row = mssql_fetch_array($result)) {
}
I know it isn't best practice but I am still learning and it works.
I used to concatenate my queries as follows:
$query = "SELECT Element ";
$query .= "FROM Table ";
$query .= "WHERE Condition = 'no' ";
$result = mssql_query($query);
$numRows = mssql_num_rows($result);
This isn't very secure; however, I have written a SQL Encode, but I digress. I now face the problem of having to write a very long query and loop it. I have written the following, however it doesn't work. Can someone tell me if my syntax is correct, so that I can debug if the problem lies with my syntax or another element. Any help would be greatly appreciated.
$query = "INSERT INTO Items (BasketID, Qty, ProductType, Element1, Element2, Element3, Element4, Element5, Element6, Element7, Element8, Element9, Element10, Element11, Element12, Element13, Element14, Element15, Element16, Element17, Element18, Element19, Element20, DateAdded, Notes)";
$query .= " VALUES ("$_SESSION['basketid']", "1", "Type1", "SQLencode($_POST['Element1'])", "SQLencode($_POST['Element2'])", "SQLencode($_POST['Element3'])", "SQLencode($_POST['Element4'])", "SQLencode($_POST['Element5'])", "SQLencode($_POST['Element6'])", "SQLencode($_POST['Element7'])",";
$query .= ""SQLencode($_POST['Element8'])", "SQLencode($_POST['Element9'])", "SQLencode($_POST['Element10'])","SQLencode($_POST['Element11']", "SQLencode($_POST['Element12']", "SQLencode($_POST['Element13']","SQLencode($_POST['Element14']","SQLencode($_POST['Element15']", "SQLencode($_POST['Element16']",";
$query .= ""SQLencode($_POST['Element17'])","SQLencode($_POST['Element18'])","SQLencode($_POST['Element19'])", "SQLencode($_POST['Element20'])", "NOW()", "SQLencode($_POST['Notes'])" ) "
$insertsql = mssql_query($query);
while ($insertrow = mssql_fetch_array($insertsql)) {
?>
I think/hope I am on the right track, but I think my syntax for the actual query is slightly wrong somewhere but I can't quite figure out why, I keep getting unexpected t_variables. Can anyone point me where I am going wrong please?
Looking at your code:
$query = "INSERT INTO Items (BasketID, Qty, ProductType, Element1, Element2, Element3, Element4, Element5, Element6, Element7, Element8, Element9, Element10, Element11, Element12, Element13, Element14, Element15, Element16, Element17, Element18, Element19, Element20, DateAdded, Notes)";
$query .= " VALUES ('$_SESSION['basketid']', '1', 'Type1', "SQLencode($_POST['Element1'])", "SQLencode($_POST['Element2'])", "SQLencode($_POST['Element3'])", "SQLencode($_POST['Element4'])", "SQLencode($_POST['Element5'])", "SQLencode($_POST['Element6'])", "SQLencode($_POST['Element7'])"";
$query .= ""SQLencode($_POST['Element8'])", "SQLencode($_POST['Element9'])", "SQLencode($_POST['Element10'])","SQLencode($_POST['Element11']", "SQLencode($_POST['Element12']", "SQLencode($_POST['Element13']","SQLencode($_POST['Element14']","SQLencode($_POST['Element15']", "SQLencode($_POST['Element16']",";
$query .= ""SQLencode($_POST['Element17'])","SQLencode($_POST['Element18'])","SQLencode($_POST['Element19'])", "SQLencode($_POST['Element20'])", "NOW()", "SQLencode($_POST['Notes'])" ) "
At the end of line 2 you are missing a comma.
I find it easier to do in an array:
$fields = array(
    'BasketId' => $_SESSION['basketid'],
    'Qty' => 1,
    'ProductType' => 'Type1',
    'Element1' => SQLencode($_POST['Element1']),
    ...
);
$query = 'INSERT INTO Items (';
$query .= implode(',', array_keys($fields));
$query .= ') VALUES (';
// Quote non-numeric values, then join them with commas
$values = array();
foreach ($fields as $value)
    $values[] = is_numeric($value) ? $value : "'$value'";
$query .= implode(',', $values);
$query .= ');';
You could also cook a sort of special syntax for your fields:
'Element1' => '@Element1',
and then use array_map to convert all @-elements to SQLEncodes. This way you can't forget encoding an externally supplied value: if you forget the @, you enter an innocuous string.
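The field-array and `@` marker idea from the answer above, reworked so that every value is bound as a statement parameter instead of being encoded and concatenated; this is an added example, not code from the original posts. It assumes PDO (the `mssql_*` functions were removed in PHP 7), uses an in-memory SQLite database as a stand-in so it runs offline, and the helper name `buildInsert` and the sample request data are hypothetical.

```php
<?php
// Constructed sample data standing in for $_SESSION and $_POST.
$session = ['basketid' => 42];
$post    = ['Element1' => "O'Brien", 'Notes' => 'it\'s a "gift"'];

// Column => value. A leading '@' means "take this value from the request".
// Column names come only from this fixed map, never from user input.
$fields = [
    'BasketID'    => $session['basketid'],
    'Qty'         => 1,
    'ProductType' => 'Type1',
    'Element1'    => '@Element1',
    'Notes'       => '@Notes',
];

// Returns [sql, params]: the SQL text holds only placeholders, the values
// travel separately, so quotes in the input cannot change the statement.
function buildInsert(string $table, array $fields, array $input): array
{
    $params = [];
    foreach ($fields as $column => $value) {
        if (is_string($value) && $value !== '' && $value[0] === '@') {
            $value = $input[substr($value, 1)] ?? null; // missing field => NULL
        }
        $params[':' . $column] = $value;
    }
    $sql = sprintf(
        'INSERT INTO %s (%s) VALUES (%s)',
        $table,
        implode(', ', array_keys($fields)),
        implode(', ', array_keys($params))
    );
    return [$sql, $params];
}

// Assumption: SQLite in memory for an offline run. For SQL Server, open the
// PDO connection with the pdo_sqlsrv driver instead.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Items (BasketID INT, Qty INT, ProductType TEXT, Element1 TEXT, Notes TEXT)');

[$sql, $params] = buildInsert('Items', $fields, $post);
$pdo->prepare($sql)->execute($params);

echo $sql, PHP_EOL;
print_r($pdo->query('SELECT * FROM Items')->fetchAll(PDO::FETCH_ASSOC));
```

An INSERT returns no result set, so there is nothing to fetch from it in a loop; the final SELECT is only there to show that the quoted values were stored verbatim.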