MYSQL-处理引号的存储过程和准备好的语句
在PHP中,我使用prepared语句(通过绑定参数)并将数据发送到以下存储过程MYSQL-处理引号的存储过程和准备好的语句,mysql,stored-procedures,prepared-statement,Mysql,Stored Procedures,Prepared Statement,在PHP中,我使用prepared语句(通过绑定参数)并将数据发送到以下存储过程 CREATE PROCEDURE test_my_add_comment(in var_details text, in var_table_name varchar(50)) BEGIN SET @s = CONCAT('INSERT INTO ',var_table_name,'(details) VALUES("',var_details,'")'); PREPARE stmt FRO
CREATE PROCEDURE test_my_add_comment(in var_details text, in var_table_name varchar(50))
BEGIN
SET @s = CONCAT('INSERT INTO ',var_table_name,'(details) VALUES("',var_details,'")');
PREPARE stmt FROM @s;
EXECUTE stmt;
COMMIT;
END;
CREATE TABLE `test_table` (
`details` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
我的假设是,语句应该处理这种情况。错误在过程中。下面是如何避免引用。我在这里使用单引号。我还引用了表/列名
SET @s = CONCAT('INSERT INTO `',var_table_name,'` (`details`) VALUES(\'', QUOTE(var_details), '\')');
程序中有错误。下面是如何避免引用。我在这里使用单引号。我还引用了表/列名
SET @s = CONCAT('INSERT INTO `',var_table_name,'` (`details`) VALUES(\'', QUOTE(var_details), '\')');
好的,我在MariaDB 10上测试了它,它可以工作:
DROP PROCEDURE IF EXISTS `test_my_add_comment`;
CREATE PROCEDURE `test_my_add_comment`(IN `var_details` TEXT, IN `var_table_name` VARCHAR(64))
MODIFIES SQL DATA
BEGIN
SET @`add_comment` = CONCAT('INSERT INTO ', `var_table_name`, ' (`details`) VALUES (', QUOTE(`var_details`), ');');
PREPARE `stmt_add_comment` FROM @`add_comment`;
EXECUTE `stmt_add_comment`;
DEALLOCATE PREPARE `stmt_add_comment`;
SET @`add_comment` = NULL;
END;
CALL `test_my_add_comment`('This is a test','test_table');
我添加了很多
反勾号DROP PROCEDURE IF EXISTS `test_my_add_comment`;
CREATE PROCEDURE `test_my_add_comment`(IN `var_details` TEXT, IN `var_table_name` VARCHAR(64))
MODIFIES SQL DATA
BEGIN
SET @`add_comment` = CONCAT('INSERT INTO ', `var_table_name`, ' (`details`) VALUES (', QUOTE(`var_details`), ');');
PREPARE `stmt_add_comment` FROM @`add_comment`;
EXECUTE `stmt_add_comment`;
DEALLOCATE PREPARE `stmt_add_comment`;
SET @`add_comment` = NULL;
END;
CALL `test_my_add_comment`('This is a test','test_table');
我添加了很多
反勾号