SQL语句中的变量 [英] A Variable In a SQL Statement

问题描述

我正在从该语句中获取IP地址，并且要将IP传递到SQL语句...这是正确的吗?

I''m getting the IP address from this statement and I want to pass the IP onto a SQL statement...Is this correct?

int *addressValue = new int();
char *address = "192.168.1.103";
inet_pton(AF_INET, address, addressValue);
if (ip_header->source_ip != *addressValue)
{
    mysql_query(conn, "SelectCount(*) FROM tblURL WHERE IP = ip_header;source_ip And Status ='Active'");
}

推荐答案

否.在这么多层次上...

No. On so many levels...

SelectCount(*)

至少需要一个空格-将SELECT与Count
分开

Needs at least one space - to separate SELECTfrom Count

"SelectCount(*) FROM tblURL WHERE IP = ip_header;source_ip And Status =''Active''"

是一个字符串.因此，它将按原样直接传递给MySql .然后，MySql会向您抛出错误，因为它无法将source_ip识别为命令(;"将终止select语句).

串联文本字符串以生成Sql Satement最好是避免灾难的秘诀:改为使用参数化查询.

Is a string. and as such will be passed though to MySql exactly as it is. MySql will then throw an error at you, because it does not recognize source_ip as a command (the '';'' will terminate the select statement).

Concatenating text strings to make a Sql Satement is a recipe for disaster at the best of times: use parametrized queries instead.

sprintf(Query,"SELECT COUNT(*) FROM tblURL WHERE IP='%d' AND Status='Active'",(*addressValue));
Resource=mysql_query(conn,Query);

我不知道你不知道如何创建一个字符串......................................

哼哼

I wonder you dont know how to create a string................................

humm

这篇关于SQL语句中的变量的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！