Executing multiple SQL queries in one statement with PHP

Question

How to join those multiple queries into one  can I     query    DELETE FROM aktywne kody WHERE kodsms    kodSMSgracza  AND typkodu    id    mysql query  query  or die mysql error       query    INSERT INTO uzyte kody  gracz  kodsms  typkodu  VALUES    nickGracza     kodSMSgracza     id     mysql query  query  or die  Blad MySQL X04      query    INSERT INTO do odebrania  gracz  itemDATA  itemQTY  VALUES    nickGracza     itemDATA     itemQTY     mysql query  query  or die  Blad MySQL X05      By the way is it better if I do mysql close  db  after all queries are done

User · Answer

This may be created sql injection point "SQL Injection Piggy-backed Queries". attackers able to append multiple malicious sql statements. so do not append user inputs directly to the queries.

Security considerations

The API functions mysqli_query() and mysqli_real_query() do not set a connection flag necessary for activating multi queries in the server. An extra API call is used for multiple statements to reduce the likeliness of accidental SQL injection attacks. An attacker may try to add statements such as ; DROP DATABASE mysql or ; SELECT SLEEP(999). If the attacker succeeds in adding SQL to the statement string but mysqli_multi_query is not used, the server will not execute the second, injected and malicious SQL statement.

PHP Doc

User · Answer

You can just add the word JOIN or add a   after each line as  pictchubbate said   Better this way because of readability and also you should not meddle DELETE with INSERT  it is easy to go south   The last question is a matter of debate  but as far as I know yes you should close after a set of queries  This applies mostly to old plain mysql php and not PDO  mysqli  Things get more complicated and heated in debates  in these cases   Finally  I would suggest either using PDO or some other method

User · Answer

Pass 65536 to mysql connect as 5th parameter   Example    conn   mysql connect  localhost   username   password   true  65536    here           or die  cannot connect    mysql select db  database name   or die  cannot use database    mysql query       INSERT INTO table1  field1 field2  VALUES 1 2        INSERT INTO table2  field3 field4 field5  VALUES 3 4 5        DELETE FROM table3 WHERE field6   6       UPDATE table4 SET field7   7 WHERE field8   8       INSERT INTO table5        SELECT t6 field11  t6 field12  t7 field13        FROM table6 t6        INNER JOIN table7 t7 ON t7 field9   t6 field10       -- etc       When you are working with mysql fetch   or mysql num rows  or mysql affected rows  only the first statement is valid   For example  the following codes  the first statement is INSERT  you cannot execute mysql num rows and mysql fetch    It is okay to use mysql affected rows to return how many rows inserted    conn   mysql connect  localhost   username   password   true  65536  or die  cannot connect    mysql select db  database name   or die  cannot use database    mysql query       INSERT INTO table1  field1 field2  VALUES 1 2       SELECT   FROM table2        Another example  the following codes  the first statement is SELECT  you cannot execute mysql affected rows  But you can execute mysql fetch assoc to get a key-value pair of row resulted from the first SELECT statement  or you can execute mysql num rows to get number of rows based on the first SELECT statement    conn   mysql connect  localhost   username   password   true  65536  or die  cannot connect    mysql select db  database name   or die  cannot use database    mysql query       SELECT   FROM table2      INSERT INTO table1  field1 field2  VALUES 1 2

User · Answer

With mysqli you re able to use multiple statements for real using mysqli multi query     Read more on multiple statements in the PHP Docs

[php] Executing multiple SQL queries in one statement with PHP

Examples related to php

Examples related to mysql