使用括号的 MySQL 更新语法 [英] MySQL Update Syntax Using Parentheses

问题描述

在下面的代码中，$keyresult 和 $valueresult 是我的数据库中以逗号分隔的列列表，以及我想在标识的行中放入它们的值.问题是，代码没有按照我希望的那样做，并且在查询中返回了一个语法错误.

In the following code $keyresult and $valueresult are comma separated lists of columns in my db and the values I want to put into them in the identified row. The problem is, the code isn't doing what I hoped it would and is returning a syntax error in the query.

$q3 = "UPDATE post SET ($keyresult) VALUES ('$valueresult') WHERE user_id='$user_id' AND post_id='$post_id' AND post_status='active'";

我该如何修正这个语法?

How can I fix the syntax of this?

推荐答案

您正在混合 INSERT 和 UPDATE 语法.

You are mixing INSERT and UPDATE syntax.

$q3 = "UPDATE `post` SET `$keyresult` = '$valueresult' 
       WHERE user_id='$user_id' AND post_id='$post_id' AND post_status='active'";

我假设您正确转义 $valueresult、$user_id 和 $post_id before执行您的查询.如果不是，并且这些是用户提供的值，则您对SQL 注入持开放态度.我建议查看准备好的声明以消除这种风险.

I am assuming you are properly escaping $valueresult, $user_id, and $post_id before you are executing your query. If not, and these are user-supplied values, you are wide open to SQL injections. I recommend looking into prepared statements to eliminate this risk.

这篇关于使用括号的 MySQL 更新语法的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！