开发者

MySQL escape string help

I have a pretty large insert statement something like

INSERT INTO multimedia (filename, regex, flag) VALUES (('adsfavr.jpg', '&开发者_Go百科lt;div id="title">', 0), (...), (...));

How do I prepare the query for MySQL.It's too long to do it manually. It includes double quotes so I can't use the php function mysql_real_escape_string()


Why do you want to insert all records with a single statement? You could use a prepared statement: INSERT INTO multimedia (filename, regex, flag) VALUES (?, ?, ?);

and a for-loop to insert the records one by one.

I'm not a PHP programmer, but the code could look like this (parts taken from http://php.net/manual/en/pdo.prepared-statements.php):

$stmt = $dbh->prepare("INSERT INTO multimedia (filename, regex, flag) VALUES (:filename, :regex, :flag)");
$stmt->bindParam(':filename', $filename);
$stmt->bindParam(':regex', $regex);
$stmt->bindParam(':flag', $flag);

for ( $i = 1; $i <= ...; $i++) {
    $filename = ...
    $regex = ...
    $flag = ...

    $stmt->execute();
}

Using a prepared statement, the DBMS only compiles the SQL once, as it would with your SQL statement. To get sure that either all or no records are inserted (if you need such an assertion anyway), use a transaction.

Further, this would also solve your escaping problem, since you don't need to put the values in a string. The string for a prepared statement only defines the SQL "template".


if your data stored in a comma separated file, you can use LOAD DATA INFILE query

A sample of this data could help.


you can try this way to execute multiple inserts in a single query...

$sql = "INSERT INTO users (name, age)
  VALUES
  ('Helen', 24),
  ('Katrina', 21),
  ('Samia', 22)";

mysql_query( $sql);
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜