0

谁能告诉我我的查询有什么问题?我有两个表事件和客户,我想从客户表中选择客户 ID 并将其插入到事件表的 customer_id 列中。这只是客户表中的登录 ID 与登录用户 ID 相同的情况

$insEvent_sql = "INSERT INTO event(customer_id, videography_package, event_type, event_shortdesc, event_vanue, event_start) 
VALUES(customer-id,'".$safe_videography_package."', '".$safe_event_type."', '".$safe_event_shortdesc."','".$safe_event_vanue."',  '".$event_date."') SELECT customer_id  FROM 'customer' WHERE login_id = ".$_SESSION['SESS_LOGIN_ID'].";";
4

3 回答 3

1

试试这个

   $insEvent_sql = "INSERT INTO event(customer_id, videography_package, event_type, event_shortdesc, event_vanue, event_start) 
   VALUES((select customer-id from 'customer' WHERE login_id = ".$_SESSION['SESS_LOGIN_ID']."),'".$safe_videography_package."', '".$safe_event_type."', '".$safe_event_shortdesc."','".$safe_event_vanue."',  '".$event_date."') ";
于 2013-01-24T23:39:14.297 回答
1

  • for 的语法INSERT需要VALUES子句或 aSELECT作为行的来源,但不能同时使用。

  • 您对 的表名使用单引号SELECT,但单引号仅用于字符串文字或日期文字。

  • 你没有使用查询参数,所以你有丑陋的代码来管理引用的变量。我假设$safe_意味着您已经转义了变量,因此至少您可能很少有 SQL 注入的机会。

我会以这种方式用 PDO 编写语句:

$cust_sql = "SELECT customer_id FROM customer WHERE login_id = :login_id";
$stmt = $pdo->prepare($cust_sql);
// test if $stmt is false
$result = $stmt->execute(array(":login_id" => $_SESSION['SESS_LOGIN_ID']));
// test if $result is false
while ($row = $result->fetch()) {
  $customer_id = $row["customer_id"];
}

$insEvent_sql = "INSERT INTO event(customer_id, videography_package, event_type,
    event_shortdesc, event_vanue, event_start) 
  VALUES (:customer_id, :videographer_package, :event_type, 
   :event_shortdesc, :event_vanue, :event_start)";
$stmt = $pdo->prepare($cust_sql);
// test if $insEvent_stmt is false
$result = $insEvent_stmt->execute(array(
  ":customer_id"         => $customer_id,
  ":videographer_package"=> $videography_package,
  ":event_type"          => $event_type,
  ":event_shortdesc"     => $event_shortdesc,
  ":event_vanue"         => $event_vanue,
  ":event_start"         => $event_date
));
// test if $result is false
于 2013-01-24T23:45:18.460 回答
0

您不能INSERT在一行后跟一个SELECT. 一种解决方法是将您的行添加到SELECT

$insEvent_sql = "INSERT INTO event 
            (customer_id, 
             videography_package, 
             event_type, 
             event_shortdesc, 
             event_vanue, 
             event_start) 
SELECT 'customer-id'                        AS customer_id, 
       '" . $safe_videography_package . "'  AS videography_package, 
       '" . $safe_event_type . "'           AS event_type, 
       '" . $safe_event_shortdesc . "'      AS event_shortdesc, 
       '" . $safe_event_vanue . "'          AS event_venu, 
       '" . $event_date . "'        AS event_start 
UNION ALL 
SELECT customer_id, NULL, NULL, NULL, NULL, NULL
FROM   customer 
WHERE  login_id = " . $_SESSION['SESS_LOGIN_ID'];

使用样本数据:

$safe_videography_package = 'package1';
$safe_event_type = 'type1';
$safe_event_shortdesc = '简短描述';
$safe_event_vanue = '某个地方';
$event_date = '2012-05-05';
$_SESSION['SESS_LOGIN_ID'] = 1;

将产生:

插入事件
            (客户ID,
             videography_package,
             事件类型,
             event_shortdesc,
             event_vanue,
             事件开始)
选择“客户 ID”作为客户 ID,
       'package1' AS videography_package,
       'type1' 作为 event_type,
       '简短描述' AS event_shortdesc,
       'some venu' AS event_venu,
       '2012-05-05' 作为 event_start
联合所有
选择客户 ID,空,空,空,空,空
来自客户
在哪里 login_id = 1
于 2013-01-24T23:33:21.420 回答