堆栈内存溢出
  简体   繁体   English

编写串联PHP MS SQL查询并将其放入循环的最佳方法

[英]Best way to write a concatenating PHP MS SQL Query and put it into a loop

 原文  2012-10-19 10:23:14       php

问题描述

So normally I would write queries and loops like follows: 因此,通常我会编写如下查询和循环: 

    $result = mssql_query("SELECT Element FROM Table WHERE Type='Type'");

                while ($row = mssql_fetch_array($result)) { 
}

I know it isn't best practice but I am still learning and it works. 我知道这不是最佳做法,但我仍在学习并且行之有效。

I used to concatenate my queries as follows: 我以前将查询串联如下: 

$query = "SELECT Element ";
$query .= "FROM Table ";
$query .= "WHERE Condition = 'no' ";

$result = mssql_query($query);

$numRows = mssql_num_rows($result);

This isn't very secure however I have written a SQL Encode but I digress. 这不是很安全,但是我写了一个SQL编码,但是我离题了。 I now face the problem of having t write a very long query and loop it. 我现在面临的问题是无法编写一个很长的查询并将其循环。 I have written the following, however it doesn't work. 我写了以下内容,但是不起作用。 Can someone tell me if my syntax is correct, so that I can debug if the problem lays with my syntax or another element. 有人可以告诉我我的语法是否正确,以便我可以调试问题是否出在我的语法或其他元素上。 Any help would be greatly appreciated. 任何帮助将不胜感激。 

 $query = "INSERT INTO Items (BasketID, Qty, ProductType, Element1, Element2, Element3, Element4, Element5, Element6, Element7, Element8, Element9, Element10, Element11, Element12, Element13, Element14, Element15, Element16, Element17, Element18, Element19, Element20, DateAdded, Notes)";
$query .= " VALUES ("$_SESSION['basketid']", "1", "Type1", "SQLencode($_POST['Element1'])", "SQLencode($_POST['Element2'])", "SQLencode($_POST['Element3'])", "SQLencode($_POST['Element4'])", "SQLencode($_POST['Element5'])", "SQLencode($_POST['Element6'])", "SQLencode($_POST['Element7'])",";
$query .= ""SQLencode($_POST['Element8'])", "SQLencode($_POST['Element9'])", "SQLencode($_POST['Element10'])","SQLencode($_POST['Element11']", "SQLencode($_POST['Element12']", "SQLencode($_POST['Element13']","SQLencode($_POST['Element14']","SQLencode($_POST['Element15']", "SQLencode($_POST['Element16']",";
$query .= ""SQLencode($_POST['Element17'])","SQLencode($_POST['Element18'])","SQLencode($_POST['Element19'])", "SQLencode($_POST['Element20'])", "NOW()", "SQLencode($_POST['Notes'])" ) "

$insertsql = mssql_query($query);

while ($insertrow = mssql_fetch_array($insertsql)) { 


?>

I think/hope I am the right track, but I think my syntax for the actual query is slightly wrong somewhere but I can't quite figure out why, I keep getting unexpected t_variables. 我认为/希望我做对了,但我认为实际查询的语法在某处略有错误,但是我无法弄清楚为什么,我总是收到意想不到的t_variables。 Can anyone point me where I am going wrong please? 任何人都可以指出我要去哪里了吗?

2 个解决方案

解决方案1
 0  2012-10-19 10:27:36

Looking at your code: 查看您的代码: 

 $query = "INSERT INTO Items (BasketID, Qty, ProductType, Element1, Element2, Element3, Element4, Element5, Element6, Element7, Element8, Element9, Element10, Element11, Element12, Element13, Element14, Element15, Element16, Element17, Element18, Element19, Element20, DateAdded, Notes)"; 
$query .= " VALUES ('$_SESSION['basketid']', '1', 'Type1', "SQLencode($_POST['Element1'])", "SQLencode($_POST['Element2'])", "SQLencode($_POST['Element3'])", "SQLencode($_POST['Element4'])", "SQLencode($_POST['Element5'])", "SQLencode($_POST['Element6'])", "SQLencode($_POST['Element7'])""; 
$query .= ""SQLencode($_POST['Element8'])", "SQLencode($_POST['Element9'])", "SQLencode($_POST['Element10'])","SQLencode($_POST['Element11']", "SQLencode($_POST['Element12']", "SQLencode($_POST['Element13']","SQLencode($_POST['Element14']","SQLencode($_POST['Element15']", "SQLencode($_POST['Element16']","; 
$query .= ""SQLencode($_POST['Element17'])","SQLencode($_POST['Element18'])","SQLencode($_POST['Element19'])", "SQLencode($_POST['Element20'])", "NOW()", "SQLencode($_POST['Notes'])" ) "

End of line 2 you are missing a comma 第2行结尾,您缺少逗号

解决方案2
 0  2012-10-19 10:36:07

I find it easier to do in an array: 我发现在数组中更容易做到: 

$fields = array(
    'BasketId'    => $_SESSION['basketid'],
    'Qty'         => 1,
    'ProductType' => 'Type1',
    'Element1'    => SQLencode($_POST['Element1']),
    ...
);

$query = 'INSERT INTO Items ('
$query .= implode(',', array_keys($fields));
$query .= ') VALUES (';
foreach($fields as $value)
    $query .= is_numeric($value) ? $value : "'$value'";
$query .= ');';

You could also cook a sort of special syntax for your fields: 您还可以为您的字段准备一种特殊的语法: 

'Element1'     => '@Element1',

and then use array_map to convert all @-elements to SQLEncodes. 然后使用array_map将所有@元素转换为SQLEncodes。 This way you can't forget encoding an externally supplied values: if you forget the @, you enter an innocuous string. 这样,您就不会忘记对外部提供的值进行编码:如果忘记了@,则会输入一个无害的字符串。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 编写PHP SQL Update语句的最佳方法 - Best way to write PHP SQL Update Statement 在 PHP 中保护 SQL 查询的最佳方法 - Best Way to Secure SQL Query in PHP PHP和MS SQL-Foreach循环? - PHP & MS SQL - Foreach Loop? 如何将SQL查询放入for()循环 - How to put SQL query in a for() loop 用php写sql查询 - write sql query in php 从数据数组(PHP,MySQL)编写循环SQL查询 - Write loop sql query from data array (php, mysql) 使用file_put_contents将PHP代码写入文件的最佳方法是什么? - What is best way to use file_put_contents to write PHP code to file? 如何在 php laravel 中编写 sql 查询的正确方法 - How to write correct way of sql query in php laravel 在 php 中循环计算的最佳方法 - best way to loop calculations in php SQL查询放到PHP功能 - Sql query put to php function
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM