2012-12-20 19 views
1

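This query gives me a syntax error when I try to execute it in PHP mysqli, but not when I execute it in the MySQL CLI. Can anyone tell me what is going on here? A particular query syntax is invalid in PHP mysqli, but not in the MySQL CLI.

Here is the query: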

DROP TABLE IF EXISTS `wp_commentmeta`; 
    CREATE TABLE `wp_commentmeta` (
     `meta_id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, 
     `comment_id` bigint(20) unsigned NOT NULL DEFAULT '0', 
     `meta_key` varchar(255) DEFAULT NULL, 
     `meta_value` longtext, 
     PRIMARY KEY (`meta_id`), 
     KEY `comment_id` (`comment_id`), 
     KEY `meta_key` (`meta_key`) 
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1; 

Here is the test code:

<?php 

$sql=" 
    DROP TABLE IF EXISTS `wp_commentmeta`; 
    CREATE TABLE `wp_commentmeta` (
     `meta_id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, 
     `comment_id` bigint(20) unsigned NOT NULL DEFAULT '0', 
     `meta_key` varchar(255) DEFAULT NULL, 
     `meta_value` longtext, 
     PRIMARY KEY (`meta_id`), 
     KEY `comment_id` (`comment_id`), 
     KEY `meta_key` (`meta_key`) 
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1; 
"; 

$conn=mysqli_connect('localhost','root','yesthereis','test'); 
if(mysqli_query($conn, $sql)){ 
    echo "Inserted\n"; 
}else{ 
    echo "Failed\n".mysqli_error($conn)."\n"; 
} 
?> 

...and its execution:

[email protected]:~/code/$ php test.php 
Failed 
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'CREATE TABLE `wp_commentmeta` (
     `meta_id` bigint(20) unsigned NOT NULL AUT' at line 2 

As you can see, it works fine in the CLI:

[email protected]:~/code/mysqlsync2$ mysql -u root -p'yesthereis' test 
Reading table information for completion of table and column names 
You can turn off this feature to get a quicker startup with -A 

Welcome to the MySQL monitor. Commands end with ; or \g. 
Your MySQL connection id is 213 
Server version: 5.1.63-0+squeeze1 (Debian) 

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. 

Oracle is a registered trademark of Oracle Corporation and/or its 
affiliates. Other names may be trademarks of their respective 
owners. 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. 

mysql> DROP TABLE IF EXISTS `wp_commentmeta`; 
Query OK, 0 rows affected, 1 warning (0.05 sec) 

mysql>  CREATE TABLE `wp_commentmeta` (
    ->  `meta_id` bigint(20) unsigned NOT NULL AUTO_INCREMENT, 
    ->  `comment_id` bigint(20) unsigned NOT NULL DEFAULT '0', 
    ->  `meta_key` varchar(255) DEFAULT NULL, 
    ->  `meta_value` longtext, 
    ->  PRIMARY KEY (`meta_id`), 
    ->  KEY `comment_id` (`comment_id`), 
    ->  KEY `meta_key` (`meta_key`) 
    -> ) ENGINE=MyISAM DEFAULT CHARSET=latin1; 
Query OK, 0 rows affected (0.01 sec) 

mysql> quit 
Bye 

Answers

7

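You can't run two queries in a single mysqli_query call. Break the query string into two parts and execute them separately. (Or, as TheVedge correctly points out in the comments, use mysqli_multi_query as a drop-in replacement for mysqli_query in your script.)

This helps mitigate SQL injection.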

+6

Unless you use [mysqli_multi_query](http://php.net/manual/en/mysqli.multi-query.php) – ESG
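The fix described in the answer, together with the single-statement behaviour it relies on, as an added example that is not part of the original question, answer or comment. It assumes a local MySQL server and a scratch database named `test`; the credentials are placeholders and `run_statements` is a hypothetical helper.

```php
<?php
// Added example, not the asker's or answerer's code.
// Assumption: local MySQL server, scratch database; credentials are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

$conn = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'test');

// The question's script, split so that each statement gets its own query() call.
$statements = [
    "DROP TABLE IF EXISTS `wp_commentmeta`",
    "CREATE TABLE `wp_commentmeta` (
        `meta_id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
        `comment_id` bigint(20) unsigned NOT NULL DEFAULT '0',
        `meta_key` varchar(255) DEFAULT NULL,
        `meta_value` longtext,
        PRIMARY KEY (`meta_id`),
        KEY `comment_id` (`comment_id`),
        KEY `meta_key` (`meta_key`)
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1",
];

/** Hypothetical helper: run fixed, trusted statements one at a time. */
function run_statements(mysqli $conn, array $statements): int
{
    $done = 0;
    foreach ($statements as $sql) {
        $conn->query($sql); // one statement per call; throws mysqli_sql_exception on error
        $done++;
    }
    return $done;
}

echo run_statements($conn, $statements), " statements executed\n";

// query() refuses a string holding a second statement: the server reports a
// syntax error at the start of statement two, and statement one does not run either.
try {
    $conn->query("SELECT 1; SELECT 2");
    echo "unexpected: stacked statements accepted\n";
} catch (mysqli_sql_exception $e) {
    echo "rejected by query(): ", $e->getMessage(), "\n";
}

// multi_query() accepts the same string, so it should only ever receive
// constant SQL like the schema above, never text built from request data.
$conn->multi_query("SELECT 1; SELECT 2");
do {
    if ($result = $conn->store_result()) {
        $result->free();
    }
} while ($conn->more_results() && $conn->next_result());
echo "multi_query() ran both statements\n";
```

The rejection in `query()` only blocks an appended second statement; input that changes the meaning of a single statement is not affected by it.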
