mysql 查询转义单引号
mysql query escape single quote
我对以下 db::insert 命令有疑问。
我想在 mysql 查询 "in ()" 部分中使用数组,但逗号已被转义。我该如何解决这个问题?
$users = [435,1671,429];
$list = implode("','", $users);
DB::insert("insert into ".
"rejections (calendar_id, user_id, note, status) ".
"select id as calendar_id, ?, concat(?), concat(?) ".
"from calendar ".
"where DATE(_date) BETWEEN ? AND ? and user_id in (?)", [$admin, $note, $status, $start_date, $end_date, $list]
);
mysql_log: 2019-05-30T16:28:51.221007Z 1815 Execute insert into rejections (calendar_id, user_id, note, status) select id as calendar_id, 2416, concat('Comment'), concat(1) from calendar where DATE(_date) BETWEEN '2019-05-01' AND '2019-05-31' and user_id in ('435\',\'1671\',\'429')
一个快速(但肮脏)的修复方法可能是删除 implode() 中的单引号并使用 FIND_IN_SET() 而不是 IN():
$users = [435,1671,429];
$list = implode(",", $users);
DB::insert("insert into ".
"rejections (calendar_id, user_id, note, status) ".
"select id as calendar_id, ?, concat(?), concat(?) ".
"from calendar ".
"where DATE(_date) BETWEEN ? AND ? and find_in_set(user_id, ?)"
, [$admin, $note, $status, $start_date, $end_date, $list]);
请注意,它可能会更慢,因为无法使用 user_id 上的索引。
如果您想在查询中使用 IN(),则每个用户都需要一个占位符:
IN (?,?,?)
同时绑定每个用户ID
[$admin, $note, $status, $start_date, $end_date, $list[0], $list[1], $list[2]]
因为你可能事先不知道用户的数量,你可以使用这样的东西:
$users = [435,1671,429];
$usersPlaceholders = array_map(function($id) { return '?'; }, $users);
$usersPlaceholders = implode(',', $usersPlaceholders);
$params = array_merge([$admin, $note, $status, $start_date, $end_date], $users);
DB::insert("
insert into rejections (calendar_id, user_id, note, status)
select id as calendar_id, ?, concat(?), concat(?)
from calendar
where DATE(_date) BETWEEN ? AND ? and user_id in ($usersPlaceholders)
", $params);
我对以下 db::insert 命令有疑问。 我想在 mysql 查询 "in ()" 部分中使用数组,但逗号已被转义。我该如何解决这个问题?
$users = [435,1671,429];
$list = implode("','", $users);
DB::insert("insert into ".
"rejections (calendar_id, user_id, note, status) ".
"select id as calendar_id, ?, concat(?), concat(?) ".
"from calendar ".
"where DATE(_date) BETWEEN ? AND ? and user_id in (?)", [$admin, $note, $status, $start_date, $end_date, $list]
);
mysql_log: 2019-05-30T16:28:51.221007Z 1815 Execute insert into rejections (calendar_id, user_id, note, status) select id as calendar_id, 2416, concat('Comment'), concat(1) from calendar where DATE(_date) BETWEEN '2019-05-01' AND '2019-05-31' and user_id in ('435\',\'1671\',\'429')
一个快速(但肮脏)的修复方法可能是删除 implode() 中的单引号并使用 FIND_IN_SET() 而不是 IN():
$users = [435,1671,429];
$list = implode(",", $users);
DB::insert("insert into ".
"rejections (calendar_id, user_id, note, status) ".
"select id as calendar_id, ?, concat(?), concat(?) ".
"from calendar ".
"where DATE(_date) BETWEEN ? AND ? and find_in_set(user_id, ?)"
, [$admin, $note, $status, $start_date, $end_date, $list]);
请注意,它可能会更慢,因为无法使用 user_id 上的索引。
如果您想在查询中使用 IN(),则每个用户都需要一个占位符:
IN (?,?,?)
同时绑定每个用户ID
[$admin, $note, $status, $start_date, $end_date, $list[0], $list[1], $list[2]]
因为你可能事先不知道用户的数量,你可以使用这样的东西:
$users = [435,1671,429];
$usersPlaceholders = array_map(function($id) { return '?'; }, $users);
$usersPlaceholders = implode(',', $usersPlaceholders);
$params = array_merge([$admin, $note, $status, $start_date, $end_date], $users);
DB::insert("
insert into rejections (calendar_id, user_id, note, status)
select id as calendar_id, ?, concat(?), concat(?)
from calendar
where DATE(_date) BETWEEN ? AND ? and user_id in ($usersPlaceholders)
", $params);