sql="INSERT INTO maticna
(formCompany,formPlace,formDate,formPerson,formCollect
,formOffer,formDescribe,formBarkod,formSubject,formWorking
,formStatus,formRevision)
SELECT
company.formCompany, company.formPlace
, $formDate AS formDate
, $formPerson AS formPerson
, $formCollect AS formCollect
, $formOffer AS formOffer
, $formDescribe AS formDescribe
, $formBarkod AS formBarkod
, inv.formSubject, work.rnNo
, $formStatus AS formStatus
, $formRevision AS formRevision)"
."FROM company, inv, work
WHERE inv.formBarkod='$formBarkod'";
Is there a problem with this code? Can anyone help with this code, or suggest a better approach?
$formDate = mysql_real_escape_string($formDate);
$formPerson = mysql_real_escape_string($formPerson);
// ... repeat for each and every $var you inject in the SQL statement.
$sql="INSERT INTO maticna
(formCompany,formPlace,formDate,formPerson,formCollect
,formOffer,formDescribe,formBarkod,formSubject,formWorking
,formStatus,formRevision)
SELECT
c.formCompany, c.formPlace
, '$formDate' AS formDate
, '$formPerson' AS formPerson
, '$formCollect' AS formCollect
, '$formOffer' AS formOffer
, '$formDescribe' AS formDescribe
, '$formBarkod' AS formBarkod
, i.formSubject, w.rnNo
, '$formStatus' AS formStatus
, '$formRevision' AS formRevision
FROM company c
INNER JOIN inv i ON (i.company_id = c.id)
INNER JOIN work w ON (w.id = i.work_id)
WHERE i.formBarkod= '$formBarkod' ";
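Mistakes you made:
1. Don't use implicit join syntax, it leads to cross joins; always use explicit join syntax.
2. You don't have any join conditions.
3. All the $vars need to be escaped.
4. In the SQL statement, all the $vars need to be quoted, whether they are numeric or not.
5. There are small syntax errors in the insert statement.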
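The same INSERT ... SELECT can be written with bound parameters instead of escaping and quoting each variable by hand. This is an added example, not code from the answer above: it uses PDO with an in-memory SQLite database so it runs stand-alone, and the table definitions (with a shortened column list), the join columns `company_id` and `work_id` (taken from the answer's guess), the helper name `insertMaticna` and the sample rows are all assumptions.

```php
<?php
// Added example. Schema, join columns and sample rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:'); // assumption: use your MySQL DSN in the real application
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec("
  CREATE TABLE company (id INTEGER PRIMARY KEY, formCompany TEXT, formPlace TEXT);
  CREATE TABLE work    (id INTEGER PRIMARY KEY, rnNo TEXT);
  CREATE TABLE inv     (id INTEGER PRIMARY KEY, company_id INT, work_id INT,
                        formBarkod TEXT, formSubject TEXT);
  CREATE TABLE maticna (formCompany TEXT, formPlace TEXT, formDate TEXT, formPerson TEXT,
                        formBarkod TEXT, formSubject TEXT, formWorking TEXT);
  INSERT INTO company VALUES (1, 'Acme', 'Zagreb');
  INSERT INTO work    VALUES (1, 'RN-001');
  INSERT INTO inv     VALUES (1, 1, 1, 'BC-1', 'Printer');
");

// Hypothetical helper: user-supplied values reach the database only as bound parameters.
function insertMaticna(PDO $pdo, array $form): int {
    $stmt = $pdo->prepare("
        INSERT INTO maticna
          (formCompany, formPlace, formDate, formPerson, formBarkod, formSubject, formWorking)
        SELECT c.formCompany, c.formPlace, :formDate, :formPerson, i.formBarkod,
               i.formSubject, w.rnNo
        FROM inv i
        INNER JOIN company c ON c.id = i.company_id
        INNER JOIN work w    ON w.id = i.work_id
        WHERE i.formBarkod = :formBarkod");
    $stmt->execute([
        ':formDate'   => $form['formDate'],
        ':formPerson' => $form['formPerson'],
        ':formBarkod' => $form['formBarkod'],
    ]);
    return $stmt->rowCount(); // number of rows copied into maticna
}

// A value containing a quote is stored as data; no escaping or manual quoting is needed.
$n1 = insertMaticna($pdo, ['formDate' => '2011-09-01', 'formPerson' => "O'Brien",
                           'formBarkod' => 'BC-1']);
// A barcode that is not in inv matches no row, whatever characters it contains.
$n2 = insertMaticna($pdo, ['formDate' => '2011-09-01', 'formPerson' => 'x',
                           'formBarkod' => "BC-1' OR '1'='1"]);
printf("rows inserted: %d, %d\n", $n1, $n2);
```

The `mysql_*` functions used in the answer were removed in PHP 7, so bound parameters through PDO or mysqli are the maintained way to do this.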
Shouldn't VALUES be inserted before the SELECT?
INSERT INTO maticna (...) VALUES (SELECT ...)