PHP 中的 SQL 语句与 phpmyadmin 中的 SQL 语句的行为不同

SQL statement in PHP behaves differently than SQL statement in phpmyadmin(PHP 中的 SQL 语句与 phpmyadmin 中的 SQL 语句的行为不同)

问题描述

我有

$form_store_sql = "                                                                                                                    
     INSERT INTO myodyssey_myaccount (`id`, `email`, `username`, `password`) VALUES (NULL, 'email', 'unixmiah.formtest', 'woohoo');         

     SET @last_id_in_myaccount = LAST_INSERT_ID();                                                                                      

     INSERT INTO myodyssey_personal_info (`id`, `myodyssey_myaccount_id`) VALUES (NULL, @last_id_in_myaccount);                             

    SET @last_id_in_personal_info = LAST_INSERT_ID();                                                                                  

    INSERT INTO myodyssey_travel_info (`id`, `myodyssey_personal_info_id`)                                                                 
        VALUES (NULL, @last_id_in_personal_info);                                                                                                      

     SET @last_id_in_travel_info = LAST_INSERT_ID();                                                                                    

     INSERT INTO myodyssey_tour_orders (`id`, `myodyssey_travel_info_id`) VALUES (NULL, @last_id_in_travel_info);";

     if(mysql_query($form_store_sql)){
       echo "done";
     }

它不起作用；它不存储数据.但是，如果我从 form_store_variable 中取出 SQL 语句并将其粘贴到 phpmyadmin 的 sql 对话框中，它的行为就会有所不同，它会存储数据.我想知道在 form_store_variable 中存储 SQL 语句时我做错了什么.

It doesn't work; it doesn't store the data. But if I take the SQL statement out of the form_store_variable and paste it into phpmyadmin's sql dialog, it behaves differently, it stores the data. I wonder what I'm doing wrong storing the SQL statement in the form_store_variable.

推荐答案

mysql_*() 函数 NOT 允许在单个 查询中使用多个类似的语句 调用.这是针对某些形式的 SQL 注入攻击的基本防御.

mysql_*() functions do NOT allow multiple statements like that in a single query call. It's a basic defense against some forms of SQL injection attacks.

如果您在查询调用中使用了任何类型的错误处理，您就会被告知语法错误:

If you'd used any kind of error handling on your query call, you'd have been informed of the syntax error:

$result = mysql_query($form_store_sql);
if ($result === false) {
   die(mysql_error());
}

您必须分别query()每个单独的语句.

You will have to query() each of those individual statements separately.

这篇关于PHP 中的 SQL 语句与 phpmyadmin 中的 SQL 语句的行为不同的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！