使用括号的 MySQL 更新语法 [英] MySQL Update Syntax Using Parentheses
问题描述
在下面的代码中,$keyresult 和 $valueresult 是我的数据库中以逗号分隔的列列表,以及我想在标识的行中放入它们的值.问题是,代码没有按照我希望的那样做,并且在查询中返回了一个语法错误.
In the following code $keyresult and $valueresult are comma separated lists of columns in my db and the values I want to put into them in the identified row. The problem is, the code isn't doing what I hoped it would and is returning a syntax error in the query.
$q3 = "UPDATE post SET ($keyresult) VALUES ('$valueresult') WHERE user_id='$user_id' AND post_id='$post_id' AND post_status='active'";
我该如何修正这个语法?
How can I fix the syntax of this?
推荐答案
您正在混合 INSERT 和 UPDATE 语法.
You are mixing INSERT and UPDATE syntax.
$q3 = "UPDATE `post` SET `$keyresult` = '$valueresult'
WHERE user_id='$user_id' AND post_id='$post_id' AND post_status='active'";
我假设您正确转义 $valueresult
、$user_id
和 $post_id
before执行您的查询.如果不是,并且这些是用户提供的值,则您对SQL 注入持开放态度.我建议查看准备好的声明以消除这种风险.
I am assuming you are properly escaping $valueresult
, $user_id
, and $post_id
before you are executing your query. If not, and these are user-supplied values, you are wide open to SQL injections. I recommend looking into prepared statements to eliminate this risk.
这篇关于使用括号的 MySQL 更新语法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!