Mysql用户无法更新临时表(拥有所有权限)

时间:2015-03-18 08:11:53

标签: mysql privileges temporary

我尝试通过php执行以下查询:

            CREATE TEMPORARY TABLE temp_table 
            AS 
            SELECT * FROM vacancies WHERE vacancyid = '22207';
            UPDATE temp_table SET vacancyid='22216' WHERE vacancyid='22207';
            INSERT INTO newdatabase.vacancies SELECT * FROM temp_table;
            DROP TEMPORARY TABLE temp_table;

这会出错:

Errormessage: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE temp_table SET vacancyid='22216' WHERE vacancyid='22207';

如果我在PMA中直接执行查询它可以正常工作。 我在PHP中连接的用户有以下优点:

GRANT ALL PRIVILEGES ON firstdatabase.* TO 'username'@'%' WITH GRANT OPTION;

GRANT ALL PRIVILEGES ON newdatabase.* TO 'username'@'%' WITH GRANT OPTION;

任何人都有线索?

PHP代码:

            //Get the new autoincrement id of the vacancy of individual jobboard
            $iNewId = $db->lookup("SELECT vacancyid FROM ".$aBoardInfo['username'].".vacancies ORDER BY vacancyid DESC LIMIT 1");
            $iNewId = $iNewId + 1;  

            $db->query("                                
        CREATE TEMPORARY TABLE temp_table 
        AS 
        SELECT * FROM vacancies WHERE vacancyid = '". $iVacancyid ."' ; 

        UPDATE temp_table SET vacancyid=". $iNewId ." WHERE vacancyid='". $iVacancyid ."' ; 

        INSERT INTO ".$aBoardInfo['username'].".vacancies SELECT * FROM temp_table ; 

        DROP TEMPORARY TABLE temp_table ;   
        ");

1 个答案:

答案 0 :(得分:0)

如示例2中的documentation所述

示例#2 SQL注入 

<?php
$mysqli = new mysqli("example.com", "user", "password", "database");
$res    = $mysqli->query("SELECT 1; DROP TABLE mysql.user");
if (!$res) {
    echo "Error executing query: (" . $mysqli->errno . ") " . $mysqli->error;
}
?>
     

以上示例将输出:

     

执行查询时出错:(1064)您的SQL语法出错;   检查与您的MySQL服务器版本对应的手册   正确的语法使用附近&#39; DROP TABLE mysql.user&#39;在第1行

     

准备好的陈述

     

使用带有预准备语句的多语句不是   支撑。

相关问题
最新问题