有谁能告诉我我的查询有什么问题? 我有两个表事件和客户,我想从客户表中选择客户ID并将其插入事件表中的customer_id列。这只是customers表中的登录ID与登录用户ID
相同的位置$insEvent_sql = "INSERT INTO event(customer_id, videography_package, event_type, event_shortdesc, event_vanue, event_start)
VALUES(customer-id,'".$safe_videography_package."', '".$safe_event_type."', '".$safe_event_shortdesc."','".$safe_event_vanue."', '".$event_date."') SELECT customer_id FROM 'customer' WHERE login_id = ".$_SESSION['SESS_LOGIN_ID'].";";
答案 0 :(得分:1)
试试这个
$insEvent_sql = "INSERT INTO event(customer_id, videography_package, event_type, event_shortdesc, event_vanue, event_start)
VALUES((select customer-id from 'customer' WHERE login_id = ".$_SESSION['SESS_LOGIN_ID']."),'".$safe_videography_package."', '".$safe_event_type."', '".$safe_event_shortdesc."','".$safe_event_vanue."', '".$event_date."') ";
答案 1 :(得分:1)
INSERT
的语法需要VALUES
子句或SELECT
作为行的来源,但不需要两者。
您使用单引号作为SELECT
的表名,但单引号仅适用于字符串文字或日期文字。
您没有使用查询参数,因此您使用丑陋的代码来管理引用的变量。我假设$safe_
意味着你已经转义了变量,所以至少你可能没有机会进行SQL注入。
我会用这种方式用PDO写声明:
$cust_sql = "SELECT customer_id FROM customer WHERE login_id = :login_id";
$stmt = $pdo->prepare($cust_sql);
// test if $stmt is false
$result = $stmt->execute(array(":login_id" => $_SESSION['SESS_LOGIN_ID']));
// test if $result is false
while ($row = $result->fetch()) {
$customer_id = $row["customer_id"];
}
$insEvent_sql = "INSERT INTO event(customer_id, videography_package, event_type,
event_shortdesc, event_vanue, event_start)
VALUES (:customer_id, :videographer_package, :event_type,
:event_shortdesc, :event_vanue, :event_start)";
$stmt = $pdo->prepare($cust_sql);
// test if $insEvent_stmt is false
$result = $insEvent_stmt->execute(array(
":customer_id" => $customer_id,
":videographer_package"=> $videography_package,
":event_type" => $event_type,
":event_shortdesc" => $event_shortdesc,
":event_vanue" => $event_vanue,
":event_start" => $event_date
));
// test if $result is false
答案 2 :(得分:0)
您不能INSERT
一行后跟SELECT
。解决方法是将行添加到SELECT
:
$insEvent_sql = "INSERT INTO event
(customer_id,
videography_package,
event_type,
event_shortdesc,
event_vanue,
event_start)
SELECT 'customer-id' AS customer_id,
'" . $safe_videography_package . "' AS videography_package,
'" . $safe_event_type . "' AS event_type,
'" . $safe_event_shortdesc . "' AS event_shortdesc,
'" . $safe_event_vanue . "' AS event_venu,
'" . $event_date . "' AS event_start
UNION ALL
SELECT customer_id, NULL, NULL, NULL, NULL, NULL
FROM customer
WHERE login_id = " . $_SESSION['SESS_LOGIN_ID'];
使用样本数据:
$safe_videography_package = 'package1'; $safe_event_type = 'type1'; $safe_event_shortdesc = 'short description'; $safe_event_vanue = 'some venu'; $event_date = '2012-05-05'; $_SESSION['SESS_LOGIN_ID'] = 1;
将产生:
INSERT INTO event (customer_id, videography_package, event_type, event_shortdesc, event_vanue, event_start) SELECT 'customer-id' AS customer_id, 'package1' AS videography_package, 'type1' AS event_type, 'short description' AS event_shortdesc, 'some venu' AS event_venu, '2012-05-05' AS event_start UNION ALL SELECT customer_id, NULL, NULL, NULL, NULL, NULL FROM customer WHERE login_id = 1