List:General Discussion« Previous MessageNext Message »
From:Michael Dykman Date:April 12 2010 9:04pm
Subject:Re: INSERT INTO multiple tables
View as plain text  
It is not a question of multiple tables, it is a question of multiple
statements.  Most PHP configurations prohibit the application of more
than one statement per call to execute.  This is generally thought to
be a security issue as the vast majority of simple PHP-based SQL
injection attacks only work on servers that allow multiple statements.

I haven't been deep in PHP land for a little while, but I think you
will find the default driver/config is expressly preventing you from
doing this.

 - michael dykman


On Mon, Apr 12, 2010 at 9:44 AM, Gary <gwpaul@stripped> wrote:
> Seriously
>
> You should read your answers before you post, the SA link did not provide
> the answer.  Had you read the page you sent, you would notice it does not
> apply to mulitple tables...
>
> Gary
>
>
> "Colin Streicher" <colin@stripped> wrote in message
> news:201004112310.16594.colin@ style="color:#666">stripped...
>> Seriously...
>> I found the answer in the first result.
>> http://lmgtfy.com/?q=mysqli+multiple+insert+statements
>>
>> Assuming mysqli, if you are using a different driver, then google that
>>
>> Colin
>>
>> On April 11, 2010 10:36:41 pm viraj wrote:
>>> is it mysqli query or 'multi_query'?
>>>
>>> http://php.net/manual/en/mysqli.multi-query.php
>>>
>>> ~viraj
>>>
>>> On Sun, Apr 11, 2010 at 10:27 PM, Gary <gwpaul@stripped> wrote:
>>> > I am experimenting with multiple tables, it is only a test that is my
>>> > local machine only. This is the current code, which does not work , I
>>> > have tried to concatonate the insert statements.  I have tried
> multiple
>>> > $query variables, but it is just overwriting itself (only the last one
>>> > gets inserted). I also tried writing the $query as an array, which got
>>> > me
>>> > an error message (saying it was expecting a string and I offered an
>>> > array).
>>> >
>>> > Someone point me in the right direction?
>>> >
>>> > Gary
>>> >
>>> > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
>>> > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>>> > <html xmlns="http://www.w3.org/1999/xhtml">
>>> > <head>
>>> > <meta http-equiv="Content-Type" content="text/html; charset=utf-8"
> />
>>> > <title>Untitled Document</title>
>>> > </head>
>>> >
>>> > <body>
>>> >
>>> > <form action="<?php echo $_SERVER['PHP_SELF'];?>"
> method="post">
>>> >
>>> > <label>First Name </label> <input name="fname"
> type="text" /><br /><br
>>> > />
>>> > <label>Last Name </label><input name="lname" type="text"
> /><br /><br />
>>> > <label>Street Address </label><input name="street"
> type="text" /><br
>>> > /><br />
>>> > <label>Town </label><input name="town" type="text"
> /><br /><br />
>>> > <label>State </label><input name="state" type="text"
> /><br /><br />
>>> > <label>Zip Code</label><input name="zip" type="text"
> /><br /><br />
>>> > <label>Telephone</label><input name="phone" type="text"
> /><br /><br />
>>> > <label>Fax</label><input name="fax" type="text"
> /><br /><br />
>>> > <label>E-Mail</label><input name="email" type="text"
> /><br /><br />
>>> > <label>Comments</label><br /><textarea
> name="comments" cols="100"
>>> > rows="15"></textarea><br /><br />
>>> >
>>> > <input name="submit" type="submit" value="submit" />
>>> > </form>
>>> >
>>> > <?php
>>> >
>>> > $fname=($_POST['fname']);
>>> > $lname=($_POST['lname']);
>>> > $street=($_POST['street']);
>>> > $town=($_POST['town']);
>>> > $state=($_POST['state']);
>>> > $zip=($_POST['zip']);
>>> > $phone=($_POST['phone']);
>>> > $fax=($_POST['fax']);
>>> > $email=($_POST['email']);
>>> > $comments=($_POST['comments']);
>>> > $REMOTE_ADDR=$_SERVER['REMOTE_ADDR'];
>>> >
>>> > $dbc=mysqli_connect('localhost','root','','test');
>>> > $query="INSERT INTO address (street, town, state,
>>> > zip)"."VALUES('$street','$town','$state','$zip')".
>>> > "INSERT INTO comments(comments)"."VALUES('$comments')".
>>> > "INSERT INTO
>>> > contact(phone,fax,email)"."VALUES('$phone','$fax','$email')". "INSERT
>>> > INTO name (fname, lname)"."VALUES('$fname','$lname')";
>>> >
>>> > $result = mysqli_query($dbc, $query)
>>> > or die('Error querying database.');
>>> >
>>> > mysqli_close($dbc);
>>> >
>>> > ?>
>>> > </body>
>>> > </html>
>>> >
>>> >
>>> >
>>> > __________ Information from ESET Smart Security, version of virus
>>> > signature database 5017 (20100411) __________
>>> >
>>> > The message was checked by ESET Smart Security.
>>> >
>>> > http://www.eset.com
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > MySQL General Mailing List
>>> > For list archives: http://lists.mysql.com/mysql
>>> > To unsubscribe:    http://lists.mysql.com/mysql?unsub=1
>>>
>>
>> --
>> It is easy to find fault, if one has that disposition.  There was once a
>> man
>> who, not being able to find any other fault with his coal, complained that
>> there were too many prehistoric toads in it.
>> -- Mark Twain, "Pudd'nhead Wilson's Calendar"
>>
>> __________ Information from ESET Smart Security, version of virus
>> signature database 5021 (20100412) __________
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
>>
>>
>
>
>
> __________ Information from ESET Smart Security, version of virus signature database
> 5021 (20100412) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe:    http://lists.mysql.com/mysql?unsub=1
>
>



-- 
 - michael dykman
 - mdykman@stripped

 May the Source be with you.
Thread
INSERT INTO multiple tablesGary11 Apr
  • Re: INSERT INTO multiple tablesviraj12 Apr
    • Re: INSERT INTO multiple tablesColin Streicher12 Apr
  • Re: INSERT INTO multiple tablesGary12 Apr
    • Re: INSERT INTO multiple tablesMichael Dykman12 Apr
  • Re: INSERT INTO multiple tablesGary12 Apr
    • Re: INSERT INTO multiple tablesColin Streicher13 Apr
    • Re: INSERT INTO multiple tablesChris W13 Apr
  • Re: INSERT INTO multiple tablesGary13 Apr
  • Re: INSERT INTO multiple tablesGary13 Apr