doubo7131 2017-03-26 09:14
浏览 26
已采纳

mysqli查询中的变量[重复]

This question already has an answer here:

i cant understand the way of forming the mysqli query when variables are involved. I have been trying for days different ways modifying it but getting all the time the very same error SQLSTATE[42000]: Syntax error or access violation: 1064. Can anybode help me telling what is wrong with this line of code when the firt variable is a string, as the second as well...?

`$tablename = 'sofka';
$sql = "INSERT INTO " . $tablename . " (" . $columns[1] . ")
VALUES (" . $columnsval[1] . ")";`

</div>
  • 写回答

1条回答 默认 最新

  • duande9301 2017-03-26 09:23
    关注

    for formulating/concatenating query or string in general, it's better to use sprintf.

    $tablename = 'sofka';

$sql = sprintf("INSERT INTO `%s` (`%s`) VALUES ('%s');", $tablename, $columns[1],     
$columnsval[1]);

echo $sql;

    In addition to that, I would make a wrapper function that takes an array of dictionary, and loop through these key and vals, and formulate the SQL.

    function generateSqlInsert($tablename, $parameters){ 
   $columns = $values = [];

   foreach($parameters as $key => $val){
      $columns[] = "`" . $key . "`";
      $values[] = "'" . $val . "'";
   }

   $columnsSql = "(". implode(",", $columns) . ")";
   $valuesSql = "(". implode(",", mysqli_real_escape_string($values)) . ")";

   $sql = sprintf("INSERT INTO %s %s %s", $tablename, $columnsSql, $valuesSql);

   return $sql;
}

    You would then use this function:

      $parameters = ['title' => 'fight club', 'year' => 1995];
  $sql = generateSqlInsert('movies', $parameters);
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 Llama如何调用shell或者Python
  • ¥20 谁能帮我挨个解读这个php语言编的代码什么意思?
  • ¥15 win10权限管理,限制普通用户使用删除功能
  • ¥15 minnio内存占用过大,内存没被回收(Windows环境)
  • ¥65 抖音咸鱼付款链接转码支付宝
  • ¥15 ubuntu22.04上安装ursim-3.15.8.106339遇到的问题
  • ¥15 blast算法(相关搜索:数据库)
  • ¥15 请问有人会紧聚焦相关的matlab知识嘛?
  • ¥15 网络通信安全解决方案
  • ¥50 yalmip+Gurobi