MYSQL 和 PHP 插入 NULL 值
[英]MYSQL and PHP INSERT NULL values
问题描述
lets say my table only has these members - id (key) and date (which defaults to NULL ) .
假设我的表只有这些成员 - id (key) 和 date (默认为NULL )。 Now when I want to insert a row with my php , do I need to check before my query whether date has a value or not or can I just insert like so -现在,当我想用我的 php 插入一行时,我是否需要在查询之前检查日期是否有值,或者我可以像这样插入 -
$query = "INSERT INTO mytable VALUES(3,{$_GET['date]})"
And mysql would assign a NULL value to date ?并且 mysql 会为日期分配一个 NULL 值?
And does this hold true to a table no matter how large ?无论桌子有多大,这都适用吗?
eg : can I insert many values that come from php and may be empty(or null) to a table , and mysql would automatically assign NULL to them (if I defined them as NULL by default of course) or do I need to do all kinds of checks before my inserts?例如:我可以插入许多来自 php 并且可能为空(或 null)的值到一个表中,并且 mysql 会自动为它们分配 NULL(当然,如果我默认将它们定义为 NULL),或者我需要做所有在我插入之前进行哪些检查?
5 个解决方案
解决方案1
1 2012-11-08 07:32:26
This might be relevant and this would also make sure you are not vulnerable to sql injection attacks. 这可能是相关的,这也将确保您不易受到 sql 注入攻击。
I'd say to just check each variable personally, then you have way more control over your variables before they are getting put in your database.我想说的是亲自检查每个变量,然后在将它们放入数据库之前,您可以更好地控制变量。
解决方案2
1 已采纳 2012-11-08 07:37:20
No, it will assign the value passed with the parameter $_GET['date'] .不,它将分配通过参数$_GET['date']传递的值。 If the value is empty '' and the date was of data type varchar it will insert a value of '' which is different than NULL then it will insert an empty.如果值为空''并且日期是数据类型varchar ,它将插入一个与NULL不同的''值,然后它将插入一个空值。 Thats because NULL and empty strings are not equal.那是因为NULL和空字符串不相等。 They are two different things in SQL.它们在 SQL 中是两种不同的东西。
If you want to insert NULL values, either ignore this column in the insert columns list, then it will assigned with the default value which is NULL .如果要插入NULL值,请忽略插入列列表中的此列,然后将为其分配默认值NULL 。 Or write it explicitly in the values of the INSERT statement.或者将其明确写入INSERT语句的值中。
Note that: Your code this way is vulnerable to SQL injection .请注意:您的这种方式的代码容易受到SQL 注入攻击。 You should use prepared statements or PDO instead.您应该改用准备好的语句或 PDO。 See this for more details:有关更多详细信息,请参阅此内容:
解决方案3
0 2012-11-08 07:34:00
Try this尝试这个
$query = "INSERT INTO mytable VALUES(3,'".$_GET['date']."')";
But also consider the datatype of your table field if its set to date/datetime then, check the return value of $_GET['date'] it must also in form of date.但也要考虑你的表字段的数据类型,如果它设置为日期/日期时间,那么检查$_GET['date']的返回值它也必须是日期的形式。
解决方案4
0 2012-11-08 07:36:49
- That snippet is wide open to SQL injection .该片段对SQL 注入是开放的。 Escape your values or use prepared statements!逃避您的价值观或使用准备好的语句!
- If the variable contains nothing, the query will look like
... VALUES (3,).如果变量不包含任何内容,则查询将类似于... VALUES (3,)。 That's a syntax error, so it doesn't work.这是一个语法错误,所以它不起作用。 - If you'd change this to
VALUES(3, '{$_GET['date']}')", so in the case of an empty variable the query would be... VALUES(3, ''), an empty string is the value. That will be cast to some sane value for the column in question, in case of a date column, to an unrecognized date. That's notNULL.如果您将其更改为VALUES(3, '{$_GET['date']}')",那么在空变量的情况下,查询将是... VALUES(3, ''),一个空string 是值。对于有问题的列,如果是日期列,它将被转换为某个合理的值,从而转换为无法识别的日期。这不是NULL。
NULL only applies if you omit the column entirely from a query or explicitly set it to NULL . NULL仅适用于从查询中完全省略该列或将其显式设置为NULL 。 In any other case, the value will be something other than NULL .在任何其他情况下,该值将不是NULL 。
解决方案5
0 2012-11-08 07:41:38
$date = date("d-m-Y",strtotime($_GET['date']));
if(isset($date))
$query = "INSERT INTO mytable VALUES(3,$date)";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.