从 php 插入数据库
Inserting into database from php
我正在尝试从 PHP 向我的 SQL 服务器数据库插入数据。我没有收到任何错误,但数据未应用于数据库。我正在尝试使用相同的查询,但改成了普通的数据库查询并且它有效,所以我认为我的代码有问题:
$query1 = "
INSERT INTO KPI(KPI_new_name, KPI_definition, KPI_tech_name)
VALUES('$KPI_new_name','$KPI_definition','$KPI_tech_name')
";
$query2 = "
INSERT INTO ReportsKpiRel(Report_Id, KPI_Id)
select r.Report_Id, kpis.KPI_Id
from Reports r
inner join ReportsKpiRel RKR on r.Report_Id = RKR.Report_Id
inner join KPI kpis on RKR.KPI_Id = kpis.KPI_Id
where r.Report_Id = '".$repid."' and kpis.KPI_new_name = '".$KPI_new_name."'
";
$qresult = sqlsrv_query($conn, $query1);
if ($qresult)
{
$qresult2 = sqlsrv_query($conn, $query2);
if($qresult2)
{
echo "Success!";
}
else
echo "Failed!";
}
else
echo "error!";
第一次查询顺利。二是不工作。你知道哪里出了问题吗?
原回答:
您需要在每次 sqlsrv_query() 调用后检查错误。但是,您的方法更重要的问题是您的代码可能会受到 SQL 注入攻击。始终尝试使用参数化查询。正如documentation中提到的,sqlsrv_query函数非常适合一次性查询,应该是执行查询的默认选择,除非特殊情况适用而sqlsrv_query函数既做语句准备又做语句执行,可用于执行参数化查询.
基于问题中的代码,以下代码是您问题的可能解决方案:
<?php
$query1 = "
INSERT INTO KPI(KPI_new_name, KPI_definition, KPI_tech_name)
VALUES(?, ?, ?)
";
$query2 = "
INSERT INTO ReportsKpiRel(Report_Id, KPI_Id)
select r.Report_Id, kpis.KPI_Id
from Reports r
inner join ReportsKpiRel RKR on r.Report_Id = RKR.Report_Id
inner join KPI kpis on RKR.KPI_Id = kpis.KPI_Id
where r.Report_Id = ? and kpis.KPI_new_name = ?
";
$params1 = array($KPI_new_name, $KPI_definition, $KPI_tech_name);
$result1 = sqlsrv_query($conn, $query1, $params1);
if ($result1 === false) {
echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
exit;
}
$params2 = array($repid, $KPI_new_name);
$result2 = sqlsrv_query($conn, $query2, $params2);
if ($result2 === false) {
echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
exit;
}
echo "Success!";
?>
更新:
看来你遇到了不同的问题。所以,如果你想处理 many-to-many 关系并且 KPI table 有一个标识列,你需要使用 SCOPE_IDENTITY():
获取生成的值
<?php
// INSERT into KPI
$query1 = "
SET NOCOUNT ON;
INSERT INTO KPI(KPI_new_name, KPI_definition, KPI_tech_name)
VALUES(?, ?, ?);
SELECT SCOPE_IDENTITY() AS KPI_Id
";
$params1 = array($KPI_new_name, $KPI_definition, $KPI_tech_name);
$result1 = sqlsrv_query($conn, $query1, $params1);
if ($result1 === false) {
echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
exit;
}
$row = sqlsrv_fetch_array($result1, SQLSRV_FETCH_ASSOC);
$kpiid = $row['KPI_Id'];
// INSERT into ReportsKpiRel
$query2 = "
INSERT INTO ReportsKpiRel(Report_Id, KPI_Id)
VALUES (?, ?)
";
$params2 = array($repid, $kpiid);
$result2 = sqlsrv_query($conn, $query2, $params2);
if ($result2 === false) {
echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
exit;
}
?>
我正在尝试从 PHP 向我的 SQL 服务器数据库插入数据。我没有收到任何错误,但数据未应用于数据库。我正在尝试使用相同的查询,但改成了普通的数据库查询并且它有效,所以我认为我的代码有问题:
$query1 = "
INSERT INTO KPI(KPI_new_name, KPI_definition, KPI_tech_name)
VALUES('$KPI_new_name','$KPI_definition','$KPI_tech_name')
";
$query2 = "
INSERT INTO ReportsKpiRel(Report_Id, KPI_Id)
select r.Report_Id, kpis.KPI_Id
from Reports r
inner join ReportsKpiRel RKR on r.Report_Id = RKR.Report_Id
inner join KPI kpis on RKR.KPI_Id = kpis.KPI_Id
where r.Report_Id = '".$repid."' and kpis.KPI_new_name = '".$KPI_new_name."'
";
$qresult = sqlsrv_query($conn, $query1);
if ($qresult)
{
$qresult2 = sqlsrv_query($conn, $query2);
if($qresult2)
{
echo "Success!";
}
else
echo "Failed!";
}
else
echo "error!";
第一次查询顺利。二是不工作。你知道哪里出了问题吗?
原回答:
您需要在每次 sqlsrv_query() 调用后检查错误。但是,您的方法更重要的问题是您的代码可能会受到 SQL 注入攻击。始终尝试使用参数化查询。正如documentation中提到的,sqlsrv_query函数非常适合一次性查询,应该是执行查询的默认选择,除非特殊情况适用而sqlsrv_query函数既做语句准备又做语句执行,可用于执行参数化查询.
基于问题中的代码,以下代码是您问题的可能解决方案:
<?php
$query1 = "
INSERT INTO KPI(KPI_new_name, KPI_definition, KPI_tech_name)
VALUES(?, ?, ?)
";
$query2 = "
INSERT INTO ReportsKpiRel(Report_Id, KPI_Id)
select r.Report_Id, kpis.KPI_Id
from Reports r
inner join ReportsKpiRel RKR on r.Report_Id = RKR.Report_Id
inner join KPI kpis on RKR.KPI_Id = kpis.KPI_Id
where r.Report_Id = ? and kpis.KPI_new_name = ?
";
$params1 = array($KPI_new_name, $KPI_definition, $KPI_tech_name);
$result1 = sqlsrv_query($conn, $query1, $params1);
if ($result1 === false) {
echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
exit;
}
$params2 = array($repid, $KPI_new_name);
$result2 = sqlsrv_query($conn, $query2, $params2);
if ($result2 === false) {
echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
exit;
}
echo "Success!";
?>
更新:
看来你遇到了不同的问题。所以,如果你想处理 many-to-many 关系并且 KPI table 有一个标识列,你需要使用 SCOPE_IDENTITY():
<?php
// INSERT into KPI
$query1 = "
SET NOCOUNT ON;
INSERT INTO KPI(KPI_new_name, KPI_definition, KPI_tech_name)
VALUES(?, ?, ?);
SELECT SCOPE_IDENTITY() AS KPI_Id
";
$params1 = array($KPI_new_name, $KPI_definition, $KPI_tech_name);
$result1 = sqlsrv_query($conn, $query1, $params1);
if ($result1 === false) {
echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
exit;
}
$row = sqlsrv_fetch_array($result1, SQLSRV_FETCH_ASSOC);
$kpiid = $row['KPI_Id'];
// INSERT into ReportsKpiRel
$query2 = "
INSERT INTO ReportsKpiRel(Report_Id, KPI_Id)
VALUES (?, ?)
";
$params2 = array($repid, $kpiid);
$result2 = sqlsrv_query($conn, $query2, $params2);
if ($result2 === false) {
echo "Error (sqlsrv_query): ".print_r(sqlsrv_errors(), true);
exit;
}
?>