From: Michael Dykman
Date: April 12 2010 9:04pm
Subject: Re: INSERT INTO multiple tables
List-Archive: http://lists.mysql.com/mysql/221211
Message-Id: <s2p814b9a821004121404ge4415a07tbb2ab1bbba1fdd94@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

It is not a question of multiple tables, it is a question of multiple
statements.  Most PHP configurations prohibit the application of more
than one statement per call to execute.  This is generally thought to
be a security issue as the vast majority of simple PHP-based SQL
injection attacks only work on servers that allow multiple statements.

I haven't been deep in PHP land for a little while, but I think you
will find the default driver/config is expressly preventing you from
doing this.

 - michael dykman


On Mon, Apr 12, 2010 at 9:44 AM, Gary <gwpaul@stripped> wrote:
> Seriously
>
> You should read your answers before you post, the SA link did not provide
> the answer. =A0Had you read the page you sent, you would notice it does n=
ot
> apply to mulitple tables...
>
> Gary
>
>
> "Colin Streicher" <colin@stripped> wrote in message
> news:201004112310.16594.colin@stripped...
>> Seriously...
>> I found the answer in the first result.
>> http://lmgtfy.com/?q=3Dmysqli+multiple+insert+statements
>>
>> Assuming mysqli, if you are using a different driver, then google that
>>
>> Colin
>>
>> On April 11, 2010 10:36:41 pm viraj wrote:
>>> is it mysqli query or 'multi_query'?
>>>
>>> http://php.net/manual/en/mysqli.multi-query.php
>>>
>>> ~viraj
>>>
>>> On Sun, Apr 11, 2010 at 10:27 PM, Gary <gwpaul@stripped> wrote:
>>> > I am experimenting with multiple tables, it is only a test that is my
>>> > local machine only. This is the current code, which does not work , I
>>> > have tried to concatonate the insert statements. =A0I have tried mult=
iple
>>> > $query variables, but it is just overwriting itself (only the last on=
e
>>> > gets inserted). I also tried writing the $query as an array, which go=
t
>>> > me
>>> > an error message (saying it was expecting a string and I offered an
>>> > array).
>>> >
>>> > Someone point me in the right direction?
>>> >
>>> > Gary
>>> >
>>> > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
>>> > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
>>> > <html xmlns=3D"http://www.w3.org/1999/xhtml">
>>> > <head>
>>> > <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf=
-8" />
>>> > <title>Untitled Document</title>
>>> > </head>
>>> >
>>> > <body>
>>> >
>>> > <form action=3D"<?php echo $_SERVER['PHP_SELF'];?>" method=3D"post">
>>> >
>>> > <label>First Name </label> <input name=3D"fname" type=3D"text" /><br =
/><br
>>> > />
>>> > <label>Last Name </label><input name=3D"lname" type=3D"text" /><br />=
<br />
>>> > <label>Street Address </label><input name=3D"street" type=3D"text" />=
<br
>>> > /><br />
>>> > <label>Town </label><input name=3D"town" type=3D"text" /><br /><br />
>>> > <label>State </label><input name=3D"state" type=3D"text" /><br /><br =
/>
>>> > <label>Zip Code</label><input name=3D"zip" type=3D"text" /><br /><br =
/>
>>> > <label>Telephone</label><input name=3D"phone" type=3D"text" /><br /><=
br />
>>> > <label>Fax</label><input name=3D"fax" type=3D"text" /><br /><br />
>>> > <label>E-Mail</label><input name=3D"email" type=3D"text" /><br /><br =
/>
>>> > <label>Comments</label><br /><textarea name=3D"comments" cols=3D"100"
>>> > rows=3D"15"></textarea><br /><br />
>>> >
>>> > <input name=3D"submit" type=3D"submit" value=3D"submit" />
>>> > </form>
>>> >
>>> > <?php
>>> >
>>> > $fname=3D($_POST['fname']);
>>> > $lname=3D($_POST['lname']);
>>> > $street=3D($_POST['street']);
>>> > $town=3D($_POST['town']);
>>> > $state=3D($_POST['state']);
>>> > $zip=3D($_POST['zip']);
>>> > $phone=3D($_POST['phone']);
>>> > $fax=3D($_POST['fax']);
>>> > $email=3D($_POST['email']);
>>> > $comments=3D($_POST['comments']);
>>> > $REMOTE_ADDR=3D$_SERVER['REMOTE_ADDR'];
>>> >
>>> > $dbc=3Dmysqli_connect('localhost','root','','test');
>>> > $query=3D"INSERT INTO address (street, town, state,
>>> > zip)"."VALUES('$street','$town','$state','$zip')".
>>> > "INSERT INTO comments(comments)"."VALUES('$comments')".
>>> > "INSERT INTO
>>> > contact(phone,fax,email)"."VALUES('$phone','$fax','$email')". "INSERT
>>> > INTO name (fname, lname)"."VALUES('$fname','$lname')";
>>> >
>>> > $result =3D mysqli_query($dbc, $query)
>>> > or die('Error querying database.');
>>> >
>>> > mysqli_close($dbc);
>>> >
>>> > ?>
>>> > </body>
>>> > </html>
>>> >
>>> >
>>> >
>>> > __________ Information from ESET Smart Security, version of virus
>>> > signature database 5017 (20100411) __________
>>> >
>>> > The message was checked by ESET Smart Security.
>>> >
>>> > http://www.eset.com
>>> >
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > MySQL General Mailing List
>>> > For list archives: http://lists.mysql.com/mysql
>>> > To unsubscribe: =A0 =A0http://lists.mysql.com/mysql?unsub=3Dkalinga@g=
mail.com
>>>
>>
>> --
>> It is easy to find fault, if one has that disposition. =A0There was once=
 a
>> man
>> who, not being able to find any other fault with his coal, complained th=
at
>> there were too many prehistoric toads in it.
>> -- Mark Twain, "Pudd'nhead Wilson's Calendar"
>>
>> __________ Information from ESET Smart Security, version of virus
>> signature database 5021 (20100412) __________
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
>>
>>
>
>
>
> __________ Information from ESET Smart Security, version of virus signatu=
re database 5021 (20100412) __________
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
>
>
>
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe: =A0 =A0http://lists.mysql.com/mysql?unsub=3Dmdykman@gmail=
.com
>
>



--=20
 - michael dykman
 - mdykman@stripped

 May the Source be with you.