我的问题很令人困惑,但我们开始了。我使用它将数据发布到"博客文章"表中。我的问题是,要插入的查询的最后一个值是图片(BLOB)。这些数据需要从用户配置文件aka(另一个表)中提取。所以我的问题是,有没有办法在SQL中的VALUES()语句中设置一个SUBQUERY来获取帐户用户的配置文件图片?
以下是我的不起作用的查询代码:
<?php
require_once('startsession.php');
require_once('appvars.php');
require_once('connectvars.php');
$con=mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO blogposts (name, subject, message, post_time, profPic)
VALUES
('$_SESSION[username]','$_POST[subject]','$_POST[message]',current_timestamp,IN(SELECT picture
FROM player
WHERE user_id
EQUALS" . $_SESSION['user_id'] . ")";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
$page='index.php';
header('Location:'.$page);
?>
$username = mysqli_real_escape_string($con,$_SESSION['username']);
$userid = mysqli_real_escape_string($con,$_SESSION['userid']);
$subject= mysqli_real_escape_string($con,$_POST['subject']);
$message= mysqli_real_escape_string($con,$_POST['message']);
$sql="INSERT INTO blogposts (name,subject,message,post_time,profPic)
SELECT '$username',
'$subject',
'$message',
CURRENT_TIMESTAMP,
picture
FROM player WHERE user_id = '$user_id';";
$result = mysqli_query($con,$sql);
如注释中所述,请查看SQL注入和mysqli_real_escape_string函数(http://php.net/manual/en/mysqli.real-escape-string.php)
EDIT:已更新,包括过程风格的转义字符串和正确的语法