How can I insert data from a query result together with other variables in a single INSERT query?
Example:
$id = $_POST['id'];
$address = $_POST['address'];
$email = $_POST['email'];
$query = "INSERT INTO info_table(fname, lname, address, email) VALUES (SELECT fname, lname, FROM info WHERE id = '$id')";
$result = $db->prepare($query);
$result->execute();
How can I insert $address and $email together with the variables from the select result?
This should do the trick for the query:
INSERT INTO info_table (
    fname,
    lname,
    address,
    email
)
SELECT
    fname,
    lname,
    :address,
    :email
FROM
    info
WHERE
    id = :id
You are not using prepare here. You really should bind the parameters :address, :email and :id:
$result = $db->prepare($query);
$result->bindParam(':id', $id, PDO::PARAM_STR);
$result->bindParam(':email', $email, PDO::PARAM_STR);
$result->bindParam(':address', $address, PDO::PARAM_STR);
$result->execute();
To answer your question exactly:
$query = "INSERT INTO MyInsecureTable (fname, lname, address, email) SELECT fname, lname, '$address', '$email' FROM info WHERE id = '$id'";
But it scares the heck out of me.
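The difference between the two answers above, as an added example that is not part of the original thread: the same INSERT ... SELECT run with bound placeholders, with string interpolation, and with placeholders wrapped in quotes. It assumes an in-memory SQLite database through PDO, and the table contents and input values are constructed stand-ins for the asker's schema and $_POST data.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's unspecified database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE info (id TEXT PRIMARY KEY, fname TEXT, lname TEXT)");
$db->exec("CREATE TABLE info_table (fname TEXT, lname TEXT, address TEXT, email TEXT)");
$db->exec("INSERT INTO info VALUES ('7', 'Ada', 'Lovelace')"); // constructed row

// Constructed stand-ins for $_POST values; the apostrophe is ordinary user data.
$id      = '7';
$address = "12 O'Connell St";
$email   = 'ada@example.test';

// Hardened form: placeholders are unquoted, so PDO sends the values as data.
$sql = "INSERT INTO info_table (fname, lname, address, email)
        SELECT fname, lname, :address, :email FROM info WHERE id = :id";
$stmt = $db->prepare($sql);
$stmt->bindValue(':address', $address, PDO::PARAM_STR);
$stmt->bindValue(':email', $email, PDO::PARAM_STR);
$stmt->bindValue(':id', $id, PDO::PARAM_STR);
$stmt->execute();
echo "bound insert rows: ", $stmt->rowCount(), "\n";

$row = $db->query("SELECT * FROM info_table")->fetch(PDO::FETCH_ASSOC);
echo "stored address: ", $row['address'], "\n";

// String-built form from the second answer: the same input changes the SQL text.
$unsafe = "INSERT INTO info_table (fname, lname, address, email)
           SELECT fname, lname, '$address', '$email' FROM info WHERE id = '$id'";
try {
    $db->exec($unsafe);
    echo "interpolated insert ran\n";
} catch (PDOException $e) {
    echo "interpolated insert failed: ", $e->getMessage(), "\n";
}

// Quoted placeholders are plain string literals, so there is nothing to bind.
$quoted = $db->prepare("INSERT INTO info_table (fname, lname, address, email)
                        SELECT fname, lname, ':address', ':email' FROM info WHERE id = :id");
$quoted->execute([':id' => $id]);
$last = $db->query("SELECT address FROM info_table ORDER BY rowid DESC LIMIT 1")->fetchColumn();
echo "quoted placeholder stored: ", $last, "\n";
```

The bound statement stores the address with its apostrophe intact, the interpolated statement no longer parses once the value contains a quote, and the quoted-placeholder variant writes the placeholder name itself into the row.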