一次将值插入到多个 MySQL 表中 [英] Inserting values into multiple MySQL tables at once
问题描述
我创建了迷你内容管理系统.现在有几个问题
I've created mini content management system. Now got afew questions
我正在过滤具有以下功能的帖子
I'm filtering posts with following function
function filter($data, $db)
{
$data = trim(htmlentities(strip_tags($data)));
if (get_magic_quotes_gpc())
$data = stripslashes($data);
$data = $db->escape_string($data);
return $data;
}
PHP 代码看起来像那样
And the PHP code looks like that
$name=filter($_POST['name'], $db);
$title=filter($_POST['title'], $db);
$parent=filter($_POST['parent'],$db);
$switch=filter($_POST['switch'], $db);
if($switch=''){
echo "Return back and select an option";
die();
}
$parentcheck=filter($_POST['parentcheck'],$db);
if($parentcheck=='0')
{
$parent=$parentcheck;
}
$purifier = new HTMLPurifier();
$content = $db->real_escape_string( $purifier->purify( $_POST['content']) );
if(isset($_POST['submit'])&&$_POST['submit']=='Ok'){
$result=$db->query("INSERT INTO menu (parent, name, showinmenu) VALUES ('$parent', '$name', '$switch'") or die($db->error);
$result2=$db->query("INSERT INTO pages (id, title, content) VALUES ('<what?>', '$title', '$content'") or die($db->error);
}
这就是我的桌子的样子
名为pages"的表
和菜单"
我的问题如下:
我正在尝试从
menu
表中获取自动递增的id
值('$parent', '$name', '$switch'")
插入并在pages
表中设置此id
在插入 ($title, $content) 时.怎么做?单人可以吗查询?
I'm trying to get autoincremented
id
value frommenu
table after('$parent', '$name', '$switch'")
insertion and set thisid
inpages
table while inserting ($title, $content). How to do it? Is it possible with single query?
$content
的值是带有 HTML 标签的文本.我正在使用 html 净化器.在插入数据库表之前,我也可以过滤它的值吗?任何建议/忠告?
$content
's value is the text with HTML tags. I'm using html purifier.
May I filter it's value too before inserting into db table? Any
suggestion/advice?
推荐答案
看起来您正在使用 mysqli
作为数据库库,因此您可以使用 $db->insert_id()
以检索由该特定数据库句柄的插入操作创建的 LAST id.所以你的查询会变成:
Looks like you're using mysqli
as the DB library, so you can use $db->insert_id()
to retrieve the LAST id created by an insert operation by that particular DB handle. So your queries would become:
$result=$db->query("INSERT INTO menu (parent, name, showinmenu) VALUES ('$parent', '$name', '$switch'") or die($db->error);
$new_id = $db->insert_id();
$result2=$db->query("INSERT INTO pages (id, title, content) VALUES ($new_id, '$title', '$content'") or die($db->error);
^^^^^^^
您无法在单个查询中真正做到这一点,因为在查询完成之前,mysql 不会为 insert_id 函数提供 ID 值.因此,您必须分 3 个步骤执行此操作:插入、获取 id、再次插入.
You can't really do it in a single query, as mysql does not make the ID value available for the insert_id function until AFTER the query completes. So you do have to do this in a 3 step process: insert, get id, insert again.
数据库过滤的规则(更好地称为转义)是转义用户提供的任何内容.这甚至包括您在其他数据库查询中检索并重新插入的数据.转义并不是真正的安全措施——它是为了确保您放入查询字符串的任何内容都不会破坏查询.防止 SQL 注入攻击只是这个的副作用.
The rule for DB filtering (better known as escaping) is to escape ANYTHING that's user-provided. This even includes data you've retrieve in other db queries and are re-inserting. Escaping isn't really there as a security measure - it's there to make sure that whatever you're putting into the query string doesn't BREAK the query. Preventing SQL injection attacks is just a side effect of this.
这篇关于一次将值插入到多个 MySQL 表中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!