当我将这种类型的数组值直接插入Mysql数据库时,我得到了这样的错误
#1064 -你有一个错误的SQL语法;查看与MySQL服务器版本对应的手册,在第1行':23:09Z, 36840bd430637, Success, 85.0, 11457922, 10.02, USD, X, M, 59106737WV831'附近使用正确的语法
和myquery是
INSERT INTO `transaction`(TIMESTAMP, CORRELATIONID, ACK, VERSION, BUILD, AMT, CURRENCYCODE, AVSCODE, CVV2MATCH, TRANSACTIONID) VALUES (2014-06-26T02:23:09Z, 36840bd430637, Success, 85.0, 11457922, 10.02, USD, X, M, 59106737WV831451U)
Mycode是
$columns = implode(", ",array_keys($result_array));
$escaped_values = array_map('mysql_real_escape_string', array_values($result_array));
$values = implode(", ", $escaped_values);
echo $sql = "INSERT INTO `transaction`($columns) VALUES ($values)";
$res =mysql_query($sql);
我可以做哪些改变?
首先,应该转义列名(并非总是必需的):
$cols = join(',', array_map(function($name) {
return '`' . str_replace('`', '``', $name) . '`';
}, array_keys($result_array));
然后,请记住mysql_real_escape_string()不添加引号的附件:
$vals = join(',', array_map(function($value) {
return "'" . mysql_real_escape_string($value) . "'";
}, $result_array);
$sql = "INSERT INTO `transaction` ($cols) VALUES ($vals)";
最后,不推荐使用mysql_函数,您应该转而使用PDO或mysqli。
这里的echo $sql是什么意思?试试这个方法& &;你也可以先转义字符串
foreach($singleRow as $key=>$data) //for multiple rows
{
if(isset($data)){
$dataArray[$key] = is_string($data) ? mysql_real_escape_string($data) : $data;
}
}
$tableName='transaction';
$keys = implode(',',array_keys($dataArray));
$data_values = ("'".implode("','",array_values($dataArray))."'");
$insertSql = "INSERT INTO ".$tableName." ($keys) VALUES ($data_values)";
$res =mysql_query($insertSql );
use mysqli_* and PDO anyway