我有这个问题。这是我的PHP代码,用于获取一个MySQL表并将数据插入另一个MySQL表:
<?php
$connect = mysql_connect("host","user","password");
if (!$connect){
die("Failed to connect to the database: ".mysql_error());
}
$kies_bd = mysql_select_db("eraenz_db1",$connect);
if (!$kies_bd){
die("failed to choose from BD: ".mysql_error());
}
$query = "SELECT ListNumber FROM residential";
$result1 = mysql_query($query);
if (mysql_num_rows($result1) >10){
$difference = mysql_num_rows($result1) - 10;
$myQuery = "SELECT * FROM residential ORDER BY id LIMIT 10, $difference";
$result2 = mysql_query($myQuery);
while ($line = mysql_fetch_array($result2)){
mysql_query("INSERT INTO lisitngs
(listnumber, mandatetype, listdate,expirydate, updatedate,virtualtoururl,status,propertyright,agnt_id, erfsize,erf_no, housesize,outbuildingsize, bathroomoptions,closedusergroup,facingoptions,features,kitchenoptions,flatlet,parking,carport,price,numofbath,numofbed, numofgarages, numofkitchens, numofreception,numofstudies,numofdomesticbath,numofdomesticbed,numofoutsidetoil,off_id,ownershiptype, parkingdesc, pooloptions,pool,sellingreason,sfeatureoptions,roofoptions,roomoptions,walloptions,windowoptions, styleoptions,securityoptions,tempcontrol,streetname,streetnumber, suburb, propertycategory,propertytype,ss_name,agentcontactname,province,city, postalcode,email,listingstatus,feedtype, rates, levies)
values ({$line['ListNumber']}','{$line['MandateType']}','{$line['ListDate']}','{$line['ExpiryDate']}','{$line['UpdateDate']}','{$line['VisualTourURL']}','{$line['Status']}','{$line['PropertyCategory']}','{$line['AgentI']}','{$line['SizeOfErf']}','{$line['StandNumber']}','{$line['SizeOfHouse']}','{$line['SizeOfOutBuildings']}','{$line['BathroomOptions']}','{$line['ClosedUserGroup']}','{$line['FacingDescrip']}','{$line['Features']}','{$line['KitchenOptions']}','{$line['Flatlet']}','{$line['Parking']}','{$line['NumOfCarports']}','{$line['ListPrice']}','{$line['NumOfBathrooms']}','{$line['NumOfBedrooms']}','{$line['NumOfGarages']}','{$line['NumOfKitchens']}','{$line['NumReceptionRooms']}','{$line['NumStudies']}','{$line['NumOfDomBathrooms']}','{$line['NumOfDomBedrooms']}','{$line['NumOfOutSideToilets']}','{$line['OfficeId']}','{$line['OwnershipType']}','{$line['ParkingDesc']}','{$line['PoolOptions']}','{$line['Pool']}','{$line['ReasonForSelling']}','{$line['SpecialFeatures']}','{$line['RoofOptions']}','{$line['RoomOptions']}','{$line['WallFinishes']}','{$line['Windows']}','{$line['StyleOptions']}','{$line['SecurityOptions']}','{$line['TempControl']}','{$line['StreetName']}','{$line['StreetNumber']}','{$line['Suburb']}','{$line['PropertyCategory']}','{$line['TypeOfProperty']}','{$line['UnitName']}','{$line['AgentContactName']}','{$line['Province']}','{$line['City']}','{$line['PostalCode']}','{$line['SellerEmail']}','{$line['Status']}','{$line['FeedType']}','{$line['MunRatesTaxes']}','{$line['MonthlyLevy']}')");
mysql_query("INSERT INTO clients
(clnt_title,clnt_name,clnt_surname,clnt_street_name,clnt_street_no,clnt_complex_name,clnt_unit_no,clnt_suburb,clnt_city,clnt_cell,clnt_email,agnt_id,)
values ({$line['SellerTitle']}','{$line['SellerFirstName']}','{$line['SellerSurname']}','{$line['StreetName']}','{$line['StreetNumber']}','{$line['UnitName']}','{$line['UnitNumber']}','{$line['Suburb']}','{$line['City']}','{$line['SellerMobileNumber']}','{$line['SellerEmail']}','{$line['AgentID']}')");
mysql_query("DELETE FROM residential WHERE ListNumber={$line['ListNumber']}");
echo "{$line['ListNumber']} was deleted <br/>";
}
}
mysql_close($connect);
?>
现在并非所有这些列都与它们应该插入的计数器部分列兼容。
我的问题是,如何将这些不兼容的字符串保存到变量中,然后将它们插入数据库表?
答案 0 :(得分:0)
使用Prepared Statements。 PHP将自动为您转换类型,并且您可以防止注入攻击。
实际上,你应该在你的代码中到处使用Prepared Statements ...从字符串构建SQL是一个坏习惯。