I have looked around, and what I find is mostly about UPDATE with multiple tables. Once or twice I searched specifically for 5 tables. Most of the examples only show two tables.

When I run the code below I get this message:

```
update for memret 1: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(M.first = test, M.last = nine, M.address1 = 999 woodland, M.zip = 21122, M.emai' at line 5
```

According to my research this happens a lot. I have switched the code around many times. This is my latest attempt that might fly, but it crashes with the same message as above.

The code is below, followed by the mysql db record.

Please help!
```php
$sql = "UPDATE membership AS M
LEFT JOIN address2 AS A2 ON M.memno1 = A2.memno2
LEFT JOIN contact AS Con ON M.memno1 = Con.memno3
LEFT JOIN workers AS W ON M.memno1 = W.memno4
LEFT JOIN comments AS Com ON M.memno1 = Com.memno5";
$sql.=" SET (M.first = $first, M.last = $last, M.address1 = $address1,";
$sql.=" M.zip = $zip, M.email = $email, M.password = $password,";
$sql.=" M.secq = $secq,M.seca = $seca,";
$sql.=" A2.address2 = $address2,";
$sql.=" Con.home = $home, Con.cell = $cell, Con.work = $work,";
$sql.=" W.webhelp = $webhelp, W.locorg = $locorg, W.candasst = $candasst,";
$sql.=" W.loccam = $loccam, W.other = $other, W.otherexp = $otherexp,";
$sql.=" Com.comment = $comment) WHERE memno1=$memno";
$result = mysql_query($sql) or die("update for memret 1: ".mysql_error());
```
The db record (column names, then the values of the row):

```
memno1 first last address1 zip email password secq seca memno2 address2 memno3 home cell work memno4 webhelp locorg candasst loccam other otherexp memno5 comment memno6 office first last address1 address2 zip
9 test nine 999 woodland 21122 tn9@aol.com tn9999 house wreck 9 turn 9 93232244 333556666 2223335555 9 yes yes ceo 9 test new
```
Answer (score: 1)

This is SQL injection. If I am reading the error message correctly, `$address1` is `"999 woodland"`, and the SQL parser cannot handle that correctly.

Stop substituting raw variables into the query string. (And also stop using the `mysql_*` functions. They are deprecated.) Prepared statements will go a long way here.
```php
// assumes an existing PDO database connection in $conn
// requires exception-handling code (PDOException)
// requires you to check that e.g. integer fields will be updated with integers
// note: MySQL does not accept parentheses around the SET list, so they are left out here
$sql = "UPDATE membership AS M
LEFT JOIN address2 AS A2 ON M.memno1 = A2.memno2
LEFT JOIN contact AS Con ON M.memno1 = Con.memno3
LEFT JOIN workers AS W ON M.memno1 = W.memno4
LEFT JOIN comments AS Com ON M.memno1 = Com.memno5
SET M.first = :first, M.last = :last, M.address1 = :address1,
M.zip = :zip, M.email = :email, M.password = :password,
M.secq = :secq, M.seca = :seca,
A2.address2 = :address2,
Con.home = :home, Con.cell = :cell, Con.work = :work,
W.webhelp = :webhelp, W.locorg = :locorg, W.candasst = :candasst,
W.loccam = :loccam, W.other = :other, W.otherexp = :otherexp,
Com.comment = :comment WHERE M.memno1 = :memno";
$query = $conn->prepare($sql);
// every value is passed as a bound parameter, never spliced into the SQL text
$params = array(":first" => $first, ":last" => $last, ":address1" => $address1,
":zip" => $zip, ":email" => $email, ":password" => $password,
":secq" => $secq, ":seca" => $seca,
":address2" => $address2,
":home" => $home, ":cell" => $cell, ":work" => $work,
":webhelp" => $webhelp, ":locorg" => $locorg,
":candasst" => $candasst,
":loccam" => $loccam, ":other" => $other,
":otherexp" => $otherexp,
":comment" => $comment, ":memno" => $memno);
$did_we_succeed = $query->execute($params);
```
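The following is an added example, not the answerer's code: it carries the same multi-table UPDATE through with the two things the answer's comments leave to the reader, namely exception handling and checking that integer columns (memno1, zip) only ever receive integers, by binding each placeholder with an explicit PDO type. The DSN, credentials and the `updateMember` function name are assumptions; the sample input is constructed from the record in the question.

```php
<?php
// Added example (not from the original post). Validates integer fields and binds
// every placeholder with an explicit type, so "999 woodland" is sent as data and
// can never change the structure of the SQL statement.
function updateMember(PDO $conn, array $f): bool
{
    // Reject anything that is not a plain integer before it reaches the database.
    foreach (['memno', 'zip'] as $intField) {
        if (filter_var($f[$intField] ?? null, FILTER_VALIDATE_INT) === false) {
            throw new InvalidArgumentException("$intField must be an integer");
        }
    }
    // Same joins as the question; no parentheses around the SET list.
    $sql = "UPDATE membership AS M
        LEFT JOIN address2 AS A2 ON M.memno1 = A2.memno2
        LEFT JOIN contact AS Con ON M.memno1 = Con.memno3
        LEFT JOIN workers AS W ON M.memno1 = W.memno4
        LEFT JOIN comments AS Com ON M.memno1 = Com.memno5
        SET M.first = :first, M.last = :last, M.address1 = :address1,
            M.zip = :zip, M.email = :email, A2.address2 = :address2,
            Con.home = :home, Com.comment = :comment
        WHERE M.memno1 = :memno";
    $stmt = $conn->prepare($sql);
    foreach (['first', 'last', 'address1', 'email', 'address2', 'home', 'comment'] as $s) {
        $stmt->bindValue(":$s", (string) ($f[$s] ?? ''), PDO::PARAM_STR);
    }
    $stmt->bindValue(':zip', (int) $f['zip'], PDO::PARAM_INT);
    $stmt->bindValue(':memno', (int) $f['memno'], PDO::PARAM_INT);
    return $stmt->execute();
}

try {
    // Hypothetical connection: server-side prepares (no client-side emulation)
    // and exceptions on every error, so a failed UPDATE is never silently ignored.
    $conn = new PDO('mysql:host=localhost;dbname=example_db;charset=utf8mb4', 'user', 'pass', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    // Constructed sample input mirroring the question's record.
    $ok = updateMember($conn, [
        'memno' => 9, 'first' => 'test', 'last' => 'nine', 'address1' => '999 woodland',
        'zip' => 21122, 'email' => 'tn9@aol.com', 'address2' => '', 'home' => '',
        'comment' => 'test',
    ]);
} catch (PDOException $e) {
    // Log the driver error; do not echo it back to the user as the die() call did.
    error_log('update for memret 1 failed: ' . $e->getMessage());
}
```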