
Best way to write a concatenating PHP MS SQL Query and put it into a loop

So normally I would write queries and loops like follows:

$result = mssql_query("SELECT Element FROM Table WHERE Type='Type'");

while ($row = mssql_fetch_array($result)) {
    // process $row
}

I know it isn't best practice but I am still learning and it works.

I used to concatenate my queries as follows:

$query = "SELECT Element ";
$query .= "FROM Table ";
$query .= "WHERE Condition = 'no' ";

$result = mssql_query($query);

$numRows = mssql_num_rows($result);

This isn't very secure, however I have written a SQL Encode, but I digress. I now face the problem of having to write a very long query and loop it. I have written the following, however it doesn't work. Can someone tell me if my syntax is correct, so that I can debug whether the problem lies with my syntax or another element? Any help would be greatly appreciated.

 $query = "INSERT INTO Items (BasketID, Qty, ProductType, Element1, Element2, Element3, Element4, Element5, Element6, Element7, Element8, Element9, Element10, Element11, Element12, Element13, Element14, Element15, Element16, Element17, Element18, Element19, Element20, DateAdded, Notes)";
$query .= " VALUES ("$_SESSION['basketid']", "1", "Type1", "SQLencode($_POST['Element1'])", "SQLencode($_POST['Element2'])", "SQLencode($_POST['Element3'])", "SQLencode($_POST['Element4'])", "SQLencode($_POST['Element5'])", "SQLencode($_POST['Element6'])", "SQLencode($_POST['Element7'])",";
$query .= ""SQLencode($_POST['Element8'])", "SQLencode($_POST['Element9'])", "SQLencode($_POST['Element10'])","SQLencode($_POST['Element11']", "SQLencode($_POST['Element12']", "SQLencode($_POST['Element13']","SQLencode($_POST['Element14']","SQLencode($_POST['Element15']", "SQLencode($_POST['Element16']",";
$query .= ""SQLencode($_POST['Element17'])","SQLencode($_POST['Element18'])","SQLencode($_POST['Element19'])", "SQLencode($_POST['Element20'])", "NOW()", "SQLencode($_POST['Notes'])" ) "

$insertsql = mssql_query($query);

while ($insertrow = mssql_fetch_array($insertsql)) { 


?>

I think/hope I am on the right track, but I think my syntax for the actual query is slightly wrong somewhere and I can't quite figure out why; I keep getting "unexpected T_VARIABLE" errors. Can anyone point me to where I am going wrong, please?

Looking at your code:

 $query = "INSERT INTO Items (BasketID, Qty, ProductType, Element1, Element2, Element3, Element4, Element5, Element6, Element7, Element8, Element9, Element10, Element11, Element12, Element13, Element14, Element15, Element16, Element17, Element18, Element19, Element20, DateAdded, Notes)"; 
$query .= " VALUES ('$_SESSION['basketid']', '1', 'Type1', "SQLencode($_POST['Element1'])", "SQLencode($_POST['Element2'])", "SQLencode($_POST['Element3'])", "SQLencode($_POST['Element4'])", "SQLencode($_POST['Element5'])", "SQLencode($_POST['Element6'])", "SQLencode($_POST['Element7'])""; 
$query .= ""SQLencode($_POST['Element8'])", "SQLencode($_POST['Element9'])", "SQLencode($_POST['Element10'])","SQLencode($_POST['Element11']", "SQLencode($_POST['Element12']", "SQLencode($_POST['Element13']","SQLencode($_POST['Element14']","SQLencode($_POST['Element15']", "SQLencode($_POST['Element16']","; 
$query .= ""SQLencode($_POST['Element17'])","SQLencode($_POST['Element18'])","SQLencode($_POST['Element19'])", "SQLencode($_POST['Element20'])", "NOW()", "SQLencode($_POST['Notes'])" ) " 

At the end of line 2 you are missing a comma.

I find it easier to do in an array:

$fields = array(
    'BasketId'    => $_SESSION['basketid'],
    'Qty'         => 1,
    'ProductType' => 'Type1',
    'Element1'    => SQLencode($_POST['Element1']),
    // ...
);

// Quote every non-numeric value, then join the values with commas
$values = array();
foreach ($fields as $value) {
    $values[] = is_numeric($value) ? $value : "'$value'";
}

$query  = 'INSERT INTO Items (';
$query .= implode(',', array_keys($fields));
$query .= ') VALUES (';
$query .= implode(',', $values);
$query .= ');';

You could also cook a sort of special syntax for your fields:

'Element1'     => '@Element1',

and then use array_map to convert all @-elements to SQLEncodes. This way you can't forget to encode an externally supplied value: if you forget the @, you enter an innocuous string.
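The following is an added example, not code from the question or the answer above. It takes the answer's two ideas, building the INSERT from an associative array so that column names and values cannot drift apart, and marking values so that an unmarked value is harmless, and carries them through with a prepared statement instead of an SQLencode() helper: every value is bound as a parameter by default, and only values explicitly wrapped in a RawSql marker are placed into the query text. That inverts the answer's '@' convention, so forgetting the marker is still the safe direction (the value is bound as a literal rather than executed as SQL). The mssql_* extension used in the question was removed in PHP 7.0, so the example executes through PDO with the sqlsrv driver; the $pdo connection, the session_start() call, the table and column names and the $_POST/$_SESSION keys are assumptions for illustration.

```php
<?php
// Added example (not from the original post). Builds an INSERT from an
// associative array and executes it as a prepared statement, so externally
// supplied values are never concatenated into the SQL text.
session_start(); // assumed: the basket id lives in the session

// Marker for an SQL expression written by the developer, e.g. GETDATE().
// Anything NOT wrapped in RawSql is bound as a parameter, so a forgotten
// marker yields a harmless string literal, never executable SQL.
final class RawSql {
    public $sql;
    public function __construct($sql) { $this->sql = $sql; }
}

/**
 * Returns array($query, $params): an INSERT with one '?' placeholder per
 * bound column and the matching positional parameter list.
 */
function buildInsert($table, array $fields) {
    // Identifiers are fixed in code, but guard against typos or a key that
    // accidentally came from user input, since they cannot be parameterised.
    $identifier = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    if (!preg_match($identifier, $table)) {
        throw new InvalidArgumentException("Unsafe table name: $table");
    }
    $columns = array();
    $placeholders = array();
    $params = array();
    foreach ($fields as $column => $value) {
        if (!preg_match($identifier, $column)) {
            throw new InvalidArgumentException("Unsafe column name: $column");
        }
        $columns[] = '[' . $column . ']';
        if ($value instanceof RawSql) {
            $placeholders[] = $value->sql;   // developer-written expression
        } else {
            $placeholders[] = '?';           // bound at execution time
            $params[] = $value;
        }
    }
    $query = sprintf('INSERT INTO [%s] (%s) VALUES (%s)',
        $table, implode(', ', $columns), implode(', ', $placeholders));
    return array($query, $params);
}

// Assemble the fields; Element1..Element20 and Notes come from the form
// (assumed $_POST layout, mirroring the question).
$fields = array(
    'BasketID'    => $_SESSION['basketid'],
    'Qty'         => 1,
    'ProductType' => 'Type1',
);
for ($i = 1; $i <= 20; $i++) {
    $key = 'Element' . $i;
    $fields[$key] = isset($_POST[$key]) ? $_POST[$key] : '';
}
$fields['DateAdded'] = new RawSql('GETDATE()');  // MS SQL equivalent of NOW()
$fields['Notes']     = isset($_POST['Notes']) ? $_POST['Notes'] : '';

list($query, $params) = buildInsert('Items', $fields);

// Execute with a prepared statement: a quote or semicolon inside $_POST
// stays data. $pdo is assumed to be created elsewhere as
// new PDO('sqlsrv:Server=...;Database=...', $user, $pass).
$stmt = $pdo->prepare($query);
$stmt->execute($params);
```

Because buildInsert() returns the query text and the parameters separately, the query can be inspected or logged without the user-supplied values in it, and a value containing a quote never reaches the SQL parser as SQL. Note also that an INSERT returns no result set, so there is nothing to fetch in a loop afterwards; use the statement's rowCount() if you need to confirm the insert.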
