PHP 中的 SQL 语句与 phpmyadmin 中的 SQL 语句的行为不同
我有
$form_store_sql = "
INSERT INTO myodyssey_myaccount (`id`, `email`, `username`, `password`) VALUES (NULL, 'email', 'unixmiah.formtest', 'woohoo');
SET @last_id_in_myaccount = LAST_INSERT_ID();
INSERT INTO myodyssey_personal_info (`id`, `myodyssey_myaccount_id`) VALUES (NULL, @last_id_in_myaccount);
SET @last_id_in_personal_info = LAST_INSERT_ID();
INSERT INTO myodyssey_travel_info (`id`, `myodyssey_personal_info_id`)
VALUES (NULL, @last_id_in_personal_info);
SET @last_id_in_travel_info = LAST_INSERT_ID();
INSERT INTO myodyssey_tour_orders (`id`, `myodyssey_travel_info_id`) VALUES (NULL, @last_id_in_travel_info);";
if(mysql_query($form_store_sql)){
echo "done";
}
它不起作用;它不存储数据.但是,如果我从 form_store_variable 中取出 SQL 语句并将其粘贴到 phpmyadmin 的 sql 对话框中,它的行为就会有所不同,它会存储数据.我想知道在 form_store_variable 中存储 SQL 语句时我做错了什么.
It doesn't work; it doesn't store the data. But if I take the SQL statement out of the form_store_variable and paste it into phpmyadmin's sql dialog, it behaves differently, it stores the data. I wonder what I'm doing wrong storing the SQL statement in the form_store_variable.
推荐答案
mysql_*() 函数 NOT 允许在单个 查询中使用多个类似的语句 调用.这是针对某些形式的 SQL 注入攻击的基本防御.
mysql_*() functions do NOT allow multiple statements like that in a single query call. It's a basic defense against some forms of SQL injection attacks.
如果您在查询调用中使用了任何类型的错误处理,您就会被告知语法错误:
If you'd used any kind of error handling on your query call, you'd have been informed of the syntax error:
$result = mysql_query($form_store_sql);
if ($result === false) {
die(mysql_error());
}
您必须分别query()每个单独的语句.
You will have to query() each of those individual statements separately.
相关文章