dqbhdsec59405 2013-08-15 01:31
Views: 36
Accepted

Backing up a MySQL DB... correct way to escape strings?

So I am backing up my DB with the following code:

// $columns, $count, $limit and $output are set earlier in the script (not shown)
$rows = $this->_getDb()->fetchAll("SELECT * FROM $table");

foreach ($rows AS $row)
{
    // quote every non-numeric value; numeric values are emitted as-is
    foreach ($row AS &$value)
    {
        if (!is_numeric($value))
        {
            $value = "'".addcslashes($value, "'\\")."'";
            $value = str_replace("\n", '\n', $value);
        }
    }
    unset($value); // drop the reference left behind by foreach

    // start a new INSERT statement every $limit rows
    if (!$count)
    {
        $output .= "INSERT INTO `$table` (" .implode(', ', $columns). ") VALUES";
    }

    $count++;
    $output .= "\n(" .implode(', ', $row). "),";

    if ($count >= $limit)
    {
        $count = 0;
        $output = preg_replace('#,$#', ";\n\n", $output);
    }
}

// terminate the last (possibly partial) INSERT statement
$output = preg_replace('#,$#', ";\n\n", $output);

This seems to be working great... But I'm comparing my output to what I get from phpMyAdmin and I'm noticing some slight differences. With my code, because of how I am using addcslashes, if a string contains a ' it will escape it with \'. However, in the output from phpMyAdmin, it will instead replace a single ' with two single quotes '' in a row.

Is there really a difference? Please look at the way I am escaping non-numeric fields and tell me if there is a better way.

1 answer

  • dpbf62565 2013-08-15 01:47

    The method of two single-quotes in a row '' is more standard SQL, so it is more portable.

    Even MySQL supports a SQL_MODE called NO_BACKSLASH_ESCAPES that would make your backslash-treated strings invalid if you try to import the backup to a server with that mode enabled.

    But I have to add comments to make it clear that your method of backing up your database is full of other problems.

    • You don't handle NULLs:

      if (!is_numeric($value))
      
    • This does not handle column names that need to be delimited because they may conflict with SQL reserved words:

      $output .= "INSERT INTO `$table` (" .implode(', ', $columns). ") VALUES";
      
    • If you have millions of rows in any of your tables, trying to store the entire content of that table in the form of a series of INSERT statements in a single string will exceed PHP's max memory limit:

      $output .= "\n(" .implode(', ', $row). "),";
      
    • You only show part of your script, but it may also not properly handle binary strings, character sets, triggers, stored routines, views, table options, etc.

    You are really reinventing the wheel.

    I've seen past questions where people attempt to do what you're doing, but it's difficult to get right:

    It will be a much better use of your time to just use shell_exec() from PHP to call mysqldump or mydumper.

    This answer was selected as the best answer by the asker.
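As an added example (not code from the question or the answer), here is how the value and identifier quoting discussed above can be done with standard-SQL doubled single quotes while also covering the NULL, reserved-word and binary cases the answer raises. It pins NO_BACKSLASH_ESCAPES for the session in the dump itself, because with the default mode a backslash in the data would otherwise be reinterpreted on import; the function names, the `X'..'` hex literals for binary columns and the sample rows are this example's own choices.

```php
<?php
function quoteIdentifier(string $name): string
{
    // Backtick-delimit names (handles reserved words such as `order`), doubling embedded backticks.
    return '`' . str_replace('`', '``', $name) . '`';
}

function quoteValue($value, bool $binary = false): string
{
    if ($value === null) {
        return 'NULL';                        // is_numeric(null) is false, so the
    }                                         // question's code would have emitted ''
    if (is_int($value) || is_float($value)) {
        return (string) $value;               // only real numbers go unquoted;
    }                                         // a string such as '007' keeps its zeros
    if ($binary) {
        return "X'" . bin2hex($value) . "'";  // BLOB/VARBINARY bytes as a hex literal
    }
    // Standard SQL quoting: double the single quote; with NO_BACKSLASH_ESCAPES in
    // effect nothing else (backslash, newline) is special inside the literal.
    return "'" . str_replace("'", "''", (string) $value) . "'";
}

function buildInsert(string $table, array $rows, array $binaryColumns = []): string
{
    if ($rows === []) { return ''; }
    $columns = array_keys($rows[0]);          // assumes every row has the same keys
    $tuples  = [];
    foreach ($rows as $row) {
        $vals = [];
        foreach ($columns as $col) {
            $vals[] = quoteValue($row[$col], in_array($col, $binaryColumns, true));
        }
        $tuples[] = '(' . implode(', ', $vals) . ')';
    }
    return 'INSERT INTO ' . quoteIdentifier($table)
         . ' (' . implode(', ', array_map('quoteIdentifier', $columns)) . ") VALUES\n"
         . implode(",\n", $tuples) . ";\n";
}

// Constructed sample rows: a quote, a backslash plus newline, NULL, and raw binary bytes.
$rows = [
    ['id' => 1, 'name' => "O'Brien", 'note' => "C:\\tmp\nline2", 'data' => null],
    ['id' => 2, 'name' => 'x',       'note' => null,              'data' => "\x00\xff"],
];
echo "SET @OLD_SQL_MODE = @@SESSION.sql_mode;\n",
     "SET SESSION sql_mode = CONCAT(@@SESSION.sql_mode, ',NO_BACKSLASH_ESCAPES');\n",
     buildInsert('order', $rows, ['data']),
     "SET SESSION sql_mode = @OLD_SQL_MODE;\n";
```

The emitted statement reads `INSERT INTO \`order\` (\`id\`, \`name\`, \`note\`, \`data\`) VALUES (1, 'O''Brien', 'C:\tmp<newline>line2', NULL), (2, 'x', NULL, X'00ff');`, which imports identically regardless of the target server's default sql_mode; streaming each chunk to a file instead of accumulating `$output` addresses the memory point in the answer.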
