[英]Mysql user can't update temp table (has all privileges)
我尝试通过php执行以下查询:
CREATE TEMPORARY TABLE temp_table
AS
SELECT * FROM vacancies WHERE vacancyid = '22207';
UPDATE temp_table SET vacancyid='22216' WHERE vacancyid='22207';
INSERT INTO newdatabase.vacancies SELECT * FROM temp_table;
DROP TEMPORARY TABLE temp_table;
这给出了一个错误:
Errormessage: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE temp_table SET vacancyid='22216' WHERE vacancyid='22207';
如果我直接在PMA中执行查询,则效果很好 。 我在PHP中与之连接的用户具有以下特权:
GRANT ALL PRIVILEGES ON firstdatabase.* TO 'username'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON newdatabase.* TO 'username'@'%' WITH GRANT OPTION;
有人知道了吗?
PHP代码:
//Get the new autoincrement id of the vacancy of individual jobboard
$iNewId = $db->lookup("SELECT vacancyid FROM ".$aBoardInfo['username'].".vacancies ORDER BY vacancyid DESC LIMIT 1");
$iNewId = $iNewId + 1;
$db->query("
CREATE TEMPORARY TABLE temp_table
AS
SELECT * FROM vacancies WHERE vacancyid = '". $iVacancyid ."' ;
UPDATE temp_table SET vacancyid=". $iNewId ." WHERE vacancyid='". $iVacancyid ."' ;
INSERT INTO ".$aBoardInfo['username'].".vacancies SELECT * FROM temp_table ;
DROP TEMPORARY TABLE temp_table ;
");
如示例2的文档中所述
Example#2 SQL注入
<?php $mysqli = new mysqli("example.com", "user", "password", "database"); $res = $mysqli->query("SELECT 1; DROP TABLE mysql.user"); if (!$res) { echo "Error executing query: (" . $mysqli->errno . ") " . $mysqli->error; } ?>
上面的示例将输出:
执行查询时出错:(1064)您的SQL语法有错误; 在第1行的“ DROP TABLE mysql.user”附近检查与您的MySQL服务器版本相对应的手册以使用正确的语法。
准备好的陈述
不支持将multiple语句与prepared语句一起使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.