我正在尝试将变量传递到选择查询中。查询如下
$Email = $_POST["Email"];
$Username = $_POST["User_Name"];
$FirstName = $_POST["First_Name"];
$Password = $_POST["Password"];
$CreateTable = "CREATE TABLE IF NOT EXISTS "+$Username+" (
address_id int(11) NOT NULL
) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;" ;
但是表没有创建。我错过了什么?
感谢您宝贵的时间。
最佳答案
由于您无法在此类查询中使用准备好的语句,因此您也许应该尝试从提供的用户输入中删除潜在有害的字符。
$email = filter_input( INPUT_POST, 'Email', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH );
$username = filter_input( INPUT_POST, 'User_Name', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH );
$firstname = filter_input( INPUT_POST, 'First_Name', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH );
$password = filter_input( INPUT_POST, 'Password', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH );
/* Strip any non alphanumeric charachters and replace space with underscore */
$username = preg_replace('@^[\da-z]$@i','', str_replace( ' ', '_', $username ) );
$sql = "CREATE TABLE IF NOT EXISTS `{$username}` (
address_id int(11) NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8;";
$db=new mysqli( $dbhost, $dbuser, $dbpwd, $dbname );
$db->query( $sql );
关于php - SQL语法: passing variable to SQL select query,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44744792/