两个mysqli查询

时间:2012-06-07 00:23:02

标签: php mysqli

是否可以有两个mysqli_queries如此?:

mysqli_query($dblink, "INSERT INTO images (project_id, user_id, image_name, date_created, link_to_file, link_to_thumbnail, given_name) VALUES ('$project_id', '$user_id', '$image_name', '$date_created', '$link_to_file', '$thumbnail', '$ImageName')") or die(mysql_error());
                          mysqli_query($dblink, "INSERT INTO images_history (project_id, user_id, image_name, date_created, link_to_file, link_to_thumbnail, given_name, day, month, year) VALUES ('$project_id', '$user_id', '$image_name', '$date_created', '$link_to_file', '$thumbnail', '$ImageName', '$day', '$month', '$year')") or die(mysql_error());

基本上我想更新数据库中的两个表。有更好的方法吗?

3 个答案:

答案 0 :(得分:24)

可以使用mysqli_multi_query()

示例:

<?php

$mysqli = new mysqli($host, $user, $password, $database);

// create string of queries separated by ;
$query  = "INSERT INTO images (project_id, user_id, image_name, date_created, link_to_file, link_to_thumbnail, given_name) VALUES ('$project_id', '$user_id', '$image_name', '$date_created', '$link_to_file', '$thumbnail', '$ImageName');";
$query .= "INSERT INTO images_history (project_id, user_id, image_name, date_created, link_to_file, link_to_thumbnail, given_name, day, month, year) VALUES ('$project_id', '$user_id', '$image_name', '$date_created', '$link_to_file', '$thumbnail', '$ImageName', '$day', '$month', '$year');";

// execute query - $result is false if the first query failed
$result = mysqli_multi_query($mysqli, $query);

if ($result) {
    do {
        // grab the result of the next query
        if (($result = mysqli_store_result($mysqli)) === false && mysqli_error($mysqli) != '') {
            echo "Query failed: " . mysqli_error($mysqli);
        }
    } while (mysqli_more_results($mysqli) && mysqli_next_result($mysqli)); // while there are more results
} else {
    echo "First query failed..." . mysqli_error($mysqli);
}

关键是,如果要在一次调用中执行多个查询,必须使用mysqli_multi_query。出于安全原因,mysqli_query将不会执行多个查询以防止SQL注入。

还要记住mysqli_store_result的行为。如果查询没有结果集(FALSE查询没有),则返回INSERT,因此您还必须检查mysqli_error以查看它返回一个空字符串,表示INSERT很成功。

请参阅:
mysqli_multi_query
mysqli_more_results
mysqli_next_result
mysqli_store_result

答案 1 :(得分:1)

  

一劳永逸!使用此函数可以在脚本中的任何位置获得无限数量的查询结果。

<强>功能:

您只需将多查询的输出传递给函数,它就会返回在每个查询中找到的所有结果和错误。

  function loop_multi($result){
    //use the global variable $conn in this function
    global $conn;
    //an array to store results and return at the end
    $returned = array("result"=>array(),"error"=>array());
    //if first query doesn't return errors
      if ($result){
        //store results of first query in the $returned array
        $returned["result"][0] = mysqli_store_result($conn);
        //set a variable to loop and assign following results to the $returned array properly
        $count = 0;
        // start doing and keep trying until the while condition below is not met
        do {
            //increase the loop count by one
            $count++;
            //go to the next result
            mysqli_next_result($conn);
            //get mysqli stored result for this query
            $result = mysqli_store_result($conn);
            //if this query in the loop doesn't return errors
            if($result){
              //store results of this query in the $returned array
              $returned["result"][$count] = $result;
            //if this query in the loop returns errors
            }else{
              //store errors of this query in the $returned array
              $returned["error"][$count] = mysqli_error($conn);
            }
        }
        // stop if this is false
        while (mysqli_more_results($conn));
      }else{
        //if first query returns errors
        $returned["error"][0] = mysqli_error($conn);
      }
    //return the $returned array
    return $returned;
  }

<强>用法: 

$query  = "INSERT INTO table1 (attribute1) VALUES ('value1');";
$query .= "INSERT INTO table2 (attribute2) VALUES ('value2');";
$query .= "SELECT * FROM table3;";

//execute query
$result = mysqli_multi_query($conn, $query);
//pass $result to the loop_multi function
$output = loop_multi($result);

<强>输出

$ output包括由查询排序的2个数组“result”和“error”。例如,如果您需要检查执行第三个查询时是否发生任何错误并获取其结果,您可以执行以下操作:

if(isset($output['error'][2]) && $output['error'][2] !== ""){
  echo $output['error'][2];
}else{
  while($row = $output['result'][2]->fetch_assoc()) {
    print_r($row);
  }
}

答案 2 :(得分:1)

关于Stack Overflow的一些答案是如此自相矛盾,以至于只是令人着迷

  

关键是如果要在单个调用中执行多个查询,则必须使用mysqli_multi_query。 出于安全原因,mysqli_query不会执行多个查询以防止SQL注入

它基本上说:“关键是您必须使用没有安全钩的枪支,因为常规武器不会让您用脚射击自己。所以这是分解它的方法,现在您一口气就能瘫痪自己!”

尽管OP引用了显式警告,但一次并没有询问如何在单个调用中运行两个查询的事实,这实际上是危险,答案无疑会提供绕过此限制的方法。

最糟糕的是,所有这些危险而繁琐的混乱都是徒劳的。仅仅是因为没有一个单一的原因要求在一个调用中运行多个查询。一个一个地运行查询就是要使用的数据库API 的方式。

  

基本上,我想更新数据库中的两个表。有更好的方法吗?

是的。只需使用两个准备好的查询即可。

$stmt = $dblink->prepare("INSERT INTO images 
(project_id, user_id, image_name, date_created, link_to_file, link_to_thumbnail, given_name) 
VALUES (?,?,?,?,?,?,?)");
$stmt->bind_param("ssssss", $project_id, $user_id, $image_name, $date_created, $link_to_file, $thumbnail, $ImageName);
$stmt->execute();

$stmt = $dblink->prepare("INSERT INTO images_history 
(project_id, user_id, image_name, date_created, link_to_file, link_to_thumbnail, given_name, day, month, year)
VALUES (?,?,?,?,?,?,?,?,?,?)");
$stmt->bind_param("ssssssssss", $project_id, $user_id, $image_name, $date_created, $link_to_file, $thumbnail, $ImageName, $day, $month, $year);
$stmt->execute();

它不仅更清洁,而且还 100%的SQL注入安全性

如果您的查询之一失败,只需ask mysqli for the error message and then fix the error

相关问题
最新问题