从一个tbl中选择一列并插入另一个表中的另一列

时间:2013-01-24 23:27:40

标签: mysql

有谁能告诉我我的查询有什么问题? 我有两个表事件和客户,我想从客户表中选择客户ID并将其插入事件表中的customer_id列。这只是customers表中的登录ID与登录用户ID

相同的位置
$insEvent_sql = "INSERT INTO event(customer_id, videography_package, event_type, event_shortdesc, event_vanue, event_start) 
VALUES(customer-id,'".$safe_videography_package."', '".$safe_event_type."', '".$safe_event_shortdesc."','".$safe_event_vanue."',  '".$event_date."') SELECT customer_id  FROM 'customer' WHERE login_id = ".$_SESSION['SESS_LOGIN_ID'].";";

3 个答案:

答案 0 :(得分:1)

试试这个

   $insEvent_sql = "INSERT INTO event(customer_id, videography_package, event_type, event_shortdesc, event_vanue, event_start) 
   VALUES((select customer-id from 'customer' WHERE login_id = ".$_SESSION['SESS_LOGIN_ID']."),'".$safe_videography_package."', '".$safe_event_type."', '".$safe_event_shortdesc."','".$safe_event_vanue."',  '".$event_date."') ";

答案 1 :(得分:1)

  • INSERT的语法需要VALUES子句或SELECT作为行的来源,但不需要两者。

  • 您使用单引号作为SELECT的表名,但单引号仅适用于字符串文字或日期文字。

  • 您没有使用查询参数,因此您使用丑陋的代码来管理引用的变量。我假设$safe_意味着你已经转义了变量,所以至少你可能没有机会进行SQL注入。

我会用这种方式用PDO写声明:

$cust_sql = "SELECT customer_id FROM customer WHERE login_id = :login_id";
$stmt = $pdo->prepare($cust_sql);
// test if $stmt is false
$result = $stmt->execute(array(":login_id" => $_SESSION['SESS_LOGIN_ID']));
// test if $result is false
while ($row = $result->fetch()) {
  $customer_id = $row["customer_id"];
}

$insEvent_sql = "INSERT INTO event(customer_id, videography_package, event_type,
    event_shortdesc, event_vanue, event_start) 
  VALUES (:customer_id, :videographer_package, :event_type, 
   :event_shortdesc, :event_vanue, :event_start)";
$stmt = $pdo->prepare($cust_sql);
// test if $insEvent_stmt is false
$result = $insEvent_stmt->execute(array(
  ":customer_id"         => $customer_id,
  ":videographer_package"=> $videography_package,
  ":event_type"          => $event_type,
  ":event_shortdesc"     => $event_shortdesc,
  ":event_vanue"         => $event_vanue,
  ":event_start"         => $event_date
));
// test if $result is false

答案 2 :(得分:0)

您不能INSERT一行后跟SELECT。解决方法是将行添加到SELECT

$insEvent_sql = "INSERT INTO event 
            (customer_id, 
             videography_package, 
             event_type, 
             event_shortdesc, 
             event_vanue, 
             event_start) 
SELECT 'customer-id'                        AS customer_id, 
       '" . $safe_videography_package . "'  AS videography_package, 
       '" . $safe_event_type . "'           AS event_type, 
       '" . $safe_event_shortdesc . "'      AS event_shortdesc, 
       '" . $safe_event_vanue . "'          AS event_venu, 
       '" . $event_date . "'        AS event_start 
UNION ALL 
SELECT customer_id, NULL, NULL, NULL, NULL, NULL
FROM   customer 
WHERE  login_id = " . $_SESSION['SESS_LOGIN_ID']; 

使用样本数据:

$safe_videography_package = 'package1';
$safe_event_type = 'type1';
$safe_event_shortdesc = 'short description';
$safe_event_vanue = 'some venu';
$event_date = '2012-05-05';
$_SESSION['SESS_LOGIN_ID'] = 1;

将产生:

INSERT INTO event 
            (customer_id, 
             videography_package, 
             event_type, 
             event_shortdesc, 
             event_vanue, 
             event_start) 
SELECT 'customer-id'       AS customer_id, 
       'package1'          AS videography_package, 
       'type1'             AS event_type, 
       'short description' AS event_shortdesc, 
       'some venu'         AS event_venu, 
       '2012-05-05'        AS event_start 
UNION ALL 
SELECT customer_id, NULL, NULL, NULL, NULL, NULL
FROM   customer 
WHERE  login_id = 1