A Variable In a SQL Statement
Problem description
I'm getting the IP address from this statement and I want to pass the IP onto a SQL statement...Is this correct?
int *addressValue = new int();
char *address = "192.168.1.103";
inet_pton(AF_INET, address, addressValue);
if (ip_header->source_ip != *addressValue)
{
mysql_query(conn, "SelectCount(*) FROM tblURL WHERE IP = ip_header;source_ip And Status ='Active'");
}
Recommended answer
No. On so many levels...
SelectCount(*)
Needs at least one space - to separate SELECT from Count
"SelectCount(*) FROM tblURL WHERE IP = ip_header;source_ip And Status ='Active'"
Is a string, and as such will be passed through to MySql exactly as it is. MySql will then throw an error at you, because it does not recognize source_ip as a command (the ';' will terminate the select statement).
Concatenating text strings to make a Sql Statement is a recipe for disaster at the best of times: use parametrized queries instead.
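The parametrized query recommended above, written against the MySQL C API as an added example (not code from the original post). It assumes the IP column stores the same 32-bit integer that inet_pton produces; parse_ipv4, count_active, COUNT_SQL and the USE_MYSQL build switch are names chosen for this example.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

/* The value travels as a bound parameter (?), never as statement text.
   Assumption: tblURL.IP is an integer column holding the inet_pton value. */
static const char *COUNT_SQL =
    "SELECT COUNT(*) FROM tblURL WHERE IP = ? AND Status = 'Active'";

/* Convert dotted-quad text to the 32-bit value compared against
   ip_header->source_ip. Returns 1 on success, 0 if text is not IPv4. */
int parse_ipv4(const char *text, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, text, &a) != 1)
        return 0;
    *out = a.s_addr;            /* network byte order, as in the packet header */
    return 1;
}

#ifdef USE_MYSQL /* cc -DUSE_MYSQL file.c $(mysql_config --cflags --libs) */
#include <mysql.h>

/* Returns the number of matching rows, or -1 on any error. */
long long count_active(MYSQL *conn, uint32_t source_ip)
{
    long long count = -1;
    MYSQL_BIND in[1], out[1];
    MYSQL_STMT *stmt = mysql_stmt_init(conn);
    if (!stmt) return -1;

    memset(in, 0, sizeof in);
    memset(out, 0, sizeof out);
    in[0].buffer_type = MYSQL_TYPE_LONG;      /* 32-bit integer parameter */
    in[0].buffer = &source_ip;
    in[0].is_unsigned = 1;
    out[0].buffer_type = MYSQL_TYPE_LONGLONG; /* COUNT(*) result */
    out[0].buffer = &count;

    if (mysql_stmt_prepare(stmt, COUNT_SQL, strlen(COUNT_SQL)) ||
        mysql_stmt_bind_param(stmt, in) ||
        mysql_stmt_execute(stmt) ||
        mysql_stmt_bind_result(stmt, out) ||
        mysql_stmt_fetch(stmt))
        count = -1;
    mysql_stmt_close(stmt);
    return count;
}
#endif
```

Unlike the code in the question, parse_ipv4 checks the return value of inet_pton, so malformed address text is rejected before any query is issued.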
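char Query[128];
/* *addressValue is an int, so %d can only ever insert digits into the statement */
snprintf(Query, sizeof(Query), "SELECT COUNT(*) FROM tblURL WHERE IP='%d' AND Status='Active'", *addressValue);
int Resource = mysql_query(conn, Query); /* mysql_query returns 0 on success */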
I wonder you don't know how to create a string...
humm