$arr = [];
array_push( $arr, \'wp_table\', 1, \'2013-12-24\', 3, \'NULL\');
$sql_prepare = "INSERT INTO %s (id, datea, one, two) VALUES (%d, %s, %d, %s) ON DUPLICATE KEY UPDATE one = VALUES(one), two = VALUES(two);";
$wpdb->query(
$wpdb->prepare( $sql_prepare,
$arr )
);
上述代码似乎导致
datea 价值
2013-12-24.
[You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near \'\'wp_table\' (id, datea, one, two) VALUES (1, \'201\' at line 1]
"INSERT INTO \'wp_table\' (id, datea, one, two) VALUES (1, \'2013-12-24\', 3, \'NULL\') ON DUPLICATE KEY UPDATE one = VALUES(one), two = VALUES(two);"
没有
$wpdb->prepare (...) 查询工作正常。
$wpdb->query( "INSERT INTO $table_name (id, datea, one, two) VALUES (1, \'2013-12-24\', 3, NULL) ON DUPLICATE KEY UPDATE one = VALUES(one), two = VALUES(two);");
关于如何处理日期值,有什么建议吗?我做错了什么?感谢您的进一步解释。
/editI我知道我可能过度使用了prepare但至少datea, one, two 用户是否提交了输入
最合适的回答,由SO网友:s_ha_dum 整理而成
只需查看生成的字符串:
INSERT INTO \'wp_table\' (id, datea, one, two) VALUES (1, \'2013-12-24\', 3, \'NULL\') ON DUPLICATE KEY UPDATE one = VALUES(one), two = VALUES(two);
问题是表名周围的引号。(手写查询的表名周围没有引号,可以使用。)
prepare 用于用户提供的动态内容,并用于字符串和数字。表名既不是,也不是内容的名称。它将提供报价,这将打断您的查询。
您应该能够简单地将表名写入查询中。
$arr = array();
array_push( $arr, 1, \'2013-12-24\', 3, \'NULL\');
$sql_prepare = "INSERT INTO {$wpdb->prefix}table (id, datea, one, two) VALUES (%d, %s, %d, %s) ON DUPLICATE KEY UPDATE one = VALUES(one), two = VALUES(two);";
