PHP中的SQL语句与phpmyadmin中的SQL语句行为不同 [英] SQL statement in PHP behaves differently than SQL statement in phpmyadmin
问题描述
我有
$form_store_sql = "
INSERT INTO myodyssey_myaccount (`id`, `email`, `username`, `password`) VALUES (NULL, 'email', 'unixmiah.formtest', 'woohoo');
SET @last_id_in_myaccount = LAST_INSERT_ID();
INSERT INTO myodyssey_personal_info (`id`, `myodyssey_myaccount_id`) VALUES (NULL, @last_id_in_myaccount);
SET @last_id_in_personal_info = LAST_INSERT_ID();
INSERT INTO myodyssey_travel_info (`id`, `myodyssey_personal_info_id`)
VALUES (NULL, @last_id_in_personal_info);
SET @last_id_in_travel_info = LAST_INSERT_ID();
INSERT INTO myodyssey_tour_orders (`id`, `myodyssey_travel_info_id`) VALUES (NULL, @last_id_in_travel_info);";
if(mysql_query($form_store_sql)){
echo "done";
}
它不起作用;它不存储数据.但是,如果我从form_store_variable中取出SQL语句并将其粘贴到phpmyadmin的sql对话框中,它的行为将有所不同,它将存储数据.我想知道我在将SQL语句存储在form_store_variable中做错了什么.
It doesn't work; it doesn't store the data. But if I take the SQL statement out of the form_store_variable and paste it into phpmyadmin's sql dialog, it behaves differently, it stores the data. I wonder what I'm doing wrong storing the SQL statement in the form_store_variable.
推荐答案
mysql_*()函数确实不允许在单个query调用中使用多个语句.这是针对某些形式的SQL注入攻击的基本防御.
mysql_*() functions do NOT allow multiple statements like that in a single query call. It's a basic defense against some forms of SQL injection attacks.
如果您在查询调用中使用了任何类型的错误处理,则系统会通知您语法错误:
If you'd used any kind of error handling on your query call, you'd have been informed of the syntax error:
$result = mysql_query($form_store_sql);
if ($result === false) {
die(mysql_error());
}
您将必须分别query()每个单独的语句.
You will have to query() each of those individual statements separately.
这篇关于PHP中的SQL语句与phpmyadmin中的SQL语句行为不同的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
