一次将值插入到多个 MySQL 表中 [英] Inserting values into multiple MySQL tables at once

问题描述

我创建了迷你内容管理系统.现在有几个问题

I've created mini content management system. Now got afew questions

我正在过滤具有以下功能的帖子

I'm filtering posts with following function

function filter($data, $db)
{
    $data = trim(htmlentities(strip_tags($data)));
    if (get_magic_quotes_gpc())
    $data = stripslashes($data);
    $data = $db->escape_string($data);
    return $data;
}

PHP 代码看起来像那样

And the PHP code looks like that

$name=filter($_POST['name'], $db);
$title=filter($_POST['title'], $db);
$parent=filter($_POST['parent'],$db);
$switch=filter($_POST['switch'], $db);
    if($switch=''){
        echo "Return back and select an option";
        die();
    }
$parentcheck=filter($_POST['parentcheck'],$db);
    if($parentcheck=='0')
    {
        $parent=$parentcheck;
    }   
$purifier = new HTMLPurifier();
$content = $db->real_escape_string( $purifier->purify( $_POST['content']) );

if(isset($_POST['submit'])&&$_POST['submit']=='Ok'){
    $result=$db->query("INSERT INTO menu (parent, name, showinmenu) VALUES ('$parent', '$name', '$switch'") or die($db->error);
    $result2=$db->query("INSERT INTO pages (id, title, content) VALUES ('<what?>', '$title', '$content'") or die($db->error);           
    }

这就是我的桌子的样子

名为pages"的表

和菜单"

我的问题如下:

1. 我正在尝试从 menu 表中获取自动递增的 id 值('$parent', '$name', '$switch'") 插入并在 pages 表中设置此 id在插入 ($title, $content) 时.怎么做?单人可以吗查询?

1. I'm trying to get autoincremented id value from menu table after ('$parent', '$name', '$switch'") insertion and set this id in pages table while inserting ($title, $content). How to do it? Is it possible with single query?

$content 的值是带有 HTML 标签的文本.我正在使用 html 净化器.在插入数据库表之前，我也可以过滤它的值吗?任何建议/忠告?

$content's value is the text with HTML tags. I'm using html purifier. May I filter it's value too before inserting into db table? Any suggestion/advice?

推荐答案

看起来您正在使用 mysqli 作为数据库库，因此您可以使用 $db->insert_id() 以检索由该特定数据库句柄的插入操作创建的 LAST id.所以你的查询会变成:

Looks like you're using mysqli as the DB library, so you can use $db->insert_id() to retrieve the LAST id created by an insert operation by that particular DB handle. So your queries would become:

$result=$db->query("INSERT INTO menu (parent, name, showinmenu) VALUES ('$parent', '$name', '$switch'") or die($db->error);
$new_id = $db->insert_id();
$result2=$db->query("INSERT INTO pages (id, title, content) VALUES ($new_id, '$title', '$content'") or die($db->error);           
                                                                    ^^^^^^^

您无法在单个查询中真正做到这一点，因为在查询完成之前，mysql 不会为 insert_id 函数提供 ID 值.因此，您必须分 3 个步骤执行此操作:插入、获取 id、再次插入.

You can't really do it in a single query, as mysql does not make the ID value available for the insert_id function until AFTER the query completes. So you do have to do this in a 3 step process: insert, get id, insert again.

数据库过滤的规则(更好地称为转义)是转义用户提供的任何内容.这甚至包括您在其他数据库查询中检索并重新插入的数据.转义并不是真正的安全措施——它是为了确保您放入查询字符串的任何内容都不会破​​坏查询.防止 SQL 注入攻击只是这个的副作用.

The rule for DB filtering (better known as escaping) is to escape ANYTHING that's user-provided. This even includes data you've retrieve in other db queries and are re-inserting. Escaping isn't really there as a security measure - it's there to make sure that whatever you're putting into the query string doesn't BREAK the query. Preventing SQL injection attacks is just a side effect of this.

这篇关于一次将值插入到多个 MySQL 表中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！