Mysql 用户无法更新临时文件 table(拥有所有权限)
Mysql user can't update temp table (has all privileges)
我尝试通过 php 执行以下查询:
CREATE TEMPORARY TABLE temp_table
AS
SELECT * FROM vacancies WHERE vacancyid = '22207';
UPDATE temp_table SET vacancyid='22216' WHERE vacancyid='22207';
INSERT INTO newdatabase.vacancies SELECT * FROM temp_table;
DROP TEMPORARY TABLE temp_table;
这给出了一个错误:
Errormessage: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE temp_table SET vacancyid='22216' WHERE vacancyid='22207';
如果我在 PMA 中直接执行查询它工作正常。
我在 PHP 中联系的用户拥有这些特权:
GRANT ALL PRIVILEGES ON firstdatabase.* TO 'username'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON newdatabase.* TO 'username'@'%' WITH GRANT OPTION;
有人知道吗?
PHP代码:
//Get the new autoincrement id of the vacancy of individual jobboard
$iNewId = $db->lookup("SELECT vacancyid FROM ".$aBoardInfo['username'].".vacancies ORDER BY vacancyid DESC LIMIT 1");
$iNewId = $iNewId + 1;
$db->query("
CREATE TEMPORARY TABLE temp_table
AS
SELECT * FROM vacancies WHERE vacancyid = '". $iVacancyid ."' ;
UPDATE temp_table SET vacancyid=". $iNewId ." WHERE vacancyid='". $iVacancyid ."' ;
INSERT INTO ".$aBoardInfo['username'].".vacancies SELECT * FROM temp_table ;
DROP TEMPORARY TABLE temp_table ;
");
如示例 2documentation 中所述
示例 #2 SQL 注入
<?php
$mysqli = new mysqli("example.com", "user", "password", "database");
$res = $mysqli->query("SELECT 1; DROP TABLE mysql.user");
if (!$res) {
echo "Error executing query: (" . $mysqli->errno . ") " . $mysqli->error;
}
?>
The above example will output:
Error executing query: (1064) You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near 'DROP TABLE mysql.user' at line 1
Prepared statements
Use of the multiple statement with prepared statements is not
supported.
我尝试通过 php 执行以下查询:
CREATE TEMPORARY TABLE temp_table
AS
SELECT * FROM vacancies WHERE vacancyid = '22207';
UPDATE temp_table SET vacancyid='22216' WHERE vacancyid='22207';
INSERT INTO newdatabase.vacancies SELECT * FROM temp_table;
DROP TEMPORARY TABLE temp_table;
这给出了一个错误:
Errormessage: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE temp_table SET vacancyid='22216' WHERE vacancyid='22207';
如果我在 PMA 中直接执行查询它工作正常。 我在 PHP 中联系的用户拥有这些特权:
GRANT ALL PRIVILEGES ON firstdatabase.* TO 'username'@'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON newdatabase.* TO 'username'@'%' WITH GRANT OPTION;
有人知道吗?
PHP代码:
//Get the new autoincrement id of the vacancy of individual jobboard
$iNewId = $db->lookup("SELECT vacancyid FROM ".$aBoardInfo['username'].".vacancies ORDER BY vacancyid DESC LIMIT 1");
$iNewId = $iNewId + 1;
$db->query("
CREATE TEMPORARY TABLE temp_table
AS
SELECT * FROM vacancies WHERE vacancyid = '". $iVacancyid ."' ;
UPDATE temp_table SET vacancyid=". $iNewId ." WHERE vacancyid='". $iVacancyid ."' ;
INSERT INTO ".$aBoardInfo['username'].".vacancies SELECT * FROM temp_table ;
DROP TEMPORARY TABLE temp_table ;
");
如示例 2documentation 中所述
示例 #2 SQL 注入
<?php $mysqli = new mysqli("example.com", "user", "password", "database"); $res = $mysqli->query("SELECT 1; DROP TABLE mysql.user"); if (!$res) { echo "Error executing query: (" . $mysqli->errno . ") " . $mysqli->error; } ?>The above example will output:
Error executing query: (1064) You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'DROP TABLE mysql.user' at line 1
Prepared statements
Use of the multiple statement with prepared statements is not supported.