在php中运行多个查询
[英]Running multiple queries in php
问题描述
我真的是PHP和HTML的新手。 在按下提交按钮之后,我试图用Users MySQL表中已经存在的数据填充字段(这可行)。 我还想将通过SELECT获得的相同数据插入另一个称为scan的SQL表中。
<?php
// php code to search data in mysql database and set it in input text
if(isset($_POST['search']))
{
// id to search
$user_id = $_POST['user_id'];
// connect to mysql
$connect = mysqli_connect("127.0.0.1", "root", "root","demodb");
// mysql search query
$query = "SELECT * FROM Users WHERE user_id = $user_id LIMIT 1";
$query = "INSERT INTO scan (user_id, osha, firstname, lastname, company, trade, email, picture) SELECT user_id, osha, firstname, lastname, company, trade, email, picture FROM Users WHERE user_id = $user_id LIMIT 1";
$result = mysqli_query($connect, $query);
// if id exist
// show data in inputsi
if(mysqli_num_rows($result) > 0)
{
while ($row = mysqli_fetch_array($result))
{
$osha = $row['osha'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$company = $row['company'];
$trade = $row['trade'];
}
}
// if the id not exist
// show a message and clear inputs
else {
echo "Undifined ID";
$osha = "";
$firstname = "";
$lastname = "";
$company = "";
$trade = "";
}
mysqli_free_result($result);
mysqli_close($connect);
}
// in the first time inputs are empty
else{
$osha = "";
$firstname = "";
$lastname = "";
$company = "";
$trade = "";
}
?>
<!DOCTYPE html>
<html>
<head>
<title> PHP FIND DATA </title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<form action="barcode.php" method="post">
Id:<input type="text" name="user_id"><br><br>
Osha #:<input type="text" name="osha" value="<?php echo $osha;?>"><br><br>
First Name:<input type="text" name="firstname" value="<?php echo $firstname;?>"><br>
<br>
Last Name:<input type="text" name="lastname" value="<?php echo $lastname;?>"><br><br>
Company:<input type="text" name="company" value="<?php echo $company;?>"><br><br>
Trade:<input type="text" name="trade" value="<?php echo $trade;?>"><br><br>
<input type="submit" name="search" value="Find">
</form>
</body>
</html>
但是似乎我一次只能在PHP中运行一个查询。 我尝试集成mysqli_multi_query,但始终收到以下错误“ mysqli_num_rows()期望参数1为mysqli_result”。
如何运行两个查询,同时如何用数据填充字段。
表定义
用户表
| Users | CREATE TABLE `Users` (
`user_id` int(6) unsigned NOT NULL AUTO_INCREMENT,
`osha` int(50) DEFAULT NULL,
`firstname` varchar(30) NOT NULL,
`lastname` varchar(30) NOT NULL,
`company` varchar(50) DEFAULT NULL,
`trade` varchar(50) DEFAULT NULL,
`email` varchar(50) DEFAULT NULL,
`picture` varchar(50) DEFAULT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`user_id`)
) ENGINE=InnoDB AUTO_INCREMENT=98819 DEFAULT CHARSET=latin1 |
扫描表
| scan | CREATE TABLE `scan` (
`user_id` int(6) unsigned NOT NULL DEFAULT '0',
`osha` int(50) DEFAULT NULL,
`firstname` varchar(30) NOT NULL,
`lastname` varchar(30) NOT NULL,
`company` varchar(50) DEFAULT NULL,
`trade` varchar(50) DEFAULT NULL,
`email` varchar(50) DEFAULT NULL,
`picture` varchar(50) DEFAULT NULL,
`reg_date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=latin1 |
2 个解决方案
解决方案1
3 2018-05-23 02:44:08
您正在用新值覆盖变量$query ,而不是先执行查询。 也就是说,尽管您的代码有很多问题:
- 您没有逃脱
$_POST['user_id'],请阅读有关SQL注入攻击的信息。 - 您没有逃脱HTML,请继续阅读XSS攻击。
- 您的逻辑流程重复了代码
- 您将通过两次获取数据,仅获取一次并插入一次来增加数据库的负载。
请参见下面的重写代码。
<?php
// initalize the variables
$osha = "";
$firstname = "";
$lastname = "";
$company = "";
$trade = "";
// php code to search data in mysql database and set it in input text
if(isset($_POST['search']))
{
// connect to mysql
$dbc = mysqli_connect("127.0.0.1", "root", "root","demodb");
// id to search
$user_id = mysqli_real_escape_string($dbc, $_POST['user_id']);
$query = "SELECT * FROM Users WHERE user_id = '$user_id' LIMIT 1";
$rs = mysqli_query($dbc, $query);
if (mysqli_num_rows($rs) == 1)
{
$row = mysqli_fetch_array($rs);
$osha = $row['osha'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$company = $row['company'];
$trade = $row['trade'];
$query = "INSERT INTO scan (user_id, osha, firstname, lastname, company, trade, email, picture) VALUES (" .
"'" . $user_id . "', '" .
"'" . mysqli_real_escape_string($dbc, $osha ) . "', '" .
"'" . mysqli_real_escape_string($dbc, $firstname) . "', '" .
"'" . mysqli_real_escape_string($dbc, $lastname ) . "', '" .
"'" . mysqli_real_escape_string($dbc, $company ) . "', '" .
"'" . mysqli_real_escape_string($dbc, $trade ) . "')";
mysqli_query($dbc, $query);
}
else
{
echo "Undefined ID";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title> PHP FIND DATA </title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<form action="barcode.php" method="post">
Id:<input type="text" name="user_id"><br><br>
Osha #:<input type="text" name="osha" value="<?= htmlspecialchars($osha) ?>"><br><br>
First Name:<input type="text" name="firstname" value="<?= htmlspecialchars($firstname) ?>"><br>
<br>
Last Name:<input type="text" name="lastname" value="<?= htmlspecialchars($lastname) ?>"><br><br>
Company:<input type="text" name="company" value="<?= htmlspecialchars($company) ?>"><br><br>
Trade:<input type="text" name="trade" value="<?= htmlspecialchars($trade) ?>"><br><br>
<input type="submit" name="search" value="Find">
</form>
</body>
</html>
解决方案2
1 2018-05-23 02:44:25
首先,不要直接在查询中使用变量。 为了安全起见,强烈建议现在就使用准备好的声明。
因此,像这样更改您的查询,并在一次同时执行两个查询时,有必要将变量命名为不同的名称,否则后者将覆盖前一个:
$query1 = "SELECT * FROM Users WHERE user_id = ? LIMIT 1";
$query2 = "INSERT INTO scan (user_id, osha, firstname, lastname, company, trade, email, picture) SELECT user_id, osha, firstname, lastname, company, trade, email, picture FROM Users WHERE user_id = ? LIMIT 1";
然后创建如下准备的语句:
$stmt = mysqli_stmt_init($connect);
$stmt2 = mysqli_stmt_init($connect);
mysqli_stmt_prepare($stmt, $query1);
mysqli_stmt_prepare($stmt2, $query2);
mysqli_stmt_bind_param($stmt, "s", $user_id);
mysqli_stmt_bind_param($stmt2, "s", $user_id);
然后执行查询:
mysqli_stmt_execute($stmt);
mysqli_stmt_execute($stmt2);
最后,您将通过以下方式获得$query1的结果:
$result = mysqli_stmt_get_result($stmt);
PHP:cURL:在同一网站上运行多个查询
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.