Do I need to create a new query object for every MySQL statement?

Moh*_*mad 2 mysql coldfusion coldfusion-9

I'm trying to assemble several MySQL statements and execute them in the same request, but I keep getting a MySQL syntax error:

local.sql = "";
for (local.i in this.hitArray)
{
    local.sql &= "UPDATE posts SET viewCount = posts.viewCount + 1 WHERE posts.id = #local.i.postId#;";
}
local.service.setSQL(local.sql);

Raw SQL dump (the local.sql variable):

UPDATE posts SET viewCount = posts.viewCount + 1 WHERE posts.id = 95;UPDATE posts SET viewCount = posts.viewCount + 1 WHERE posts.id = 95;UPDATE posts SET viewCount = posts.viewCount + 1 WHERE posts.id = 95;

It looks like the query is choking right at the end of the first statement.

Lei*_*igh 5

MySQL disables multiple statements by default to prevent SQL injection. You have to add the allowMultiQueries flag to the connection string to enable them.

Note: obviously, if you enable multiple statements it is very important that all of your queries use cfqueryparam or addParam, because you are now exposed to the risk of SQL injection.
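Two hardened versions of the loop from the question, written as an added example for this page (it is not code from the question, the answer, or any ColdFusion documentation). It assumes a datasource named "blogDS" (hypothetical), that the allowMultiQueries=true setting has been added to that datasource's JDBC URL/connection string in the ColdFusion Administrator for the first option, and that this.hitArray is an array of structs each carrying a numeric postId. The first option keeps the multi-statement batch but binds every value with addParam; the second shows that a single UPDATE ... WHERE id IN (?) with a list parameter avoids the need to enable multiple statements at all.

```coldfusion
// Added example, not from the original question or answer.
// Assumes: datasource "blogDS" (hypothetical); for option 1, the datasource's
// JDBC URL/connection string carries allowMultiQueries=true; this.hitArray is
// an array of structs, each with a numeric postId.

// --- Option 1: keep the multi-statement batch, but bind every value ----------
// Each statement gets a "?" placeholder and the matching value is added with
// addParam in the same order. Nothing from hitArray is concatenated into the
// SQL text, so a non-numeric or crafted postId is rejected by cf_sql_integer
// instead of becoming part of the query string.
function bumpViewCountsBatched(required array hits) {
    var q   = new Query(datasource = "blogDS");
    var sql = "";
    var i   = 0;
    for (i = 1; i <= arrayLen(arguments.hits); i++) {
        sql &= "UPDATE posts SET viewCount = viewCount + 1 WHERE id = ?;";
        q.addParam(value = arguments.hits[i].postId, cfsqltype = "cf_sql_integer");
    }
    q.setSQL(sql);
    return q.execute().getPrefix();   // prefix struct carries recordCount etc.
}

// --- Option 2: no allowMultiQueries needed at all -----------------------------
// A single UPDATE ... WHERE id IN (?) with a list-typed parameter updates every
// post in one round trip, so the driver's default (multi-statements off) can
// stay in place. Behavioural difference: a postId that appears three times in
// hitArray (as 95 does in the dump above) is incremented once here, not three
// times; if repeats must count, keep option 1 or aggregate the counts first.
function bumpViewCountsInList(required array hits) {
    var q   = new Query(datasource = "blogDS");
    var ids = [];
    var i   = 0;
    for (i = 1; i <= arrayLen(arguments.hits); i++) {
        arrayAppend(ids, arguments.hits[i].postId);
    }
    q.setSQL("UPDATE posts SET viewCount = viewCount + 1 WHERE id IN (?)");
    // list = true binds each comma-separated element as its own integer param
    q.addParam(value = arrayToList(ids), cfsqltype = "cf_sql_integer", list = true);
    return q.execute().getPrefix();
}

// Constructed sample input standing in for this.hitArray in the original code.
hitArray = [ { postId = 95 }, { postId = 95 }, { postId = 95 } ];
bumpViewCountsBatched(hitArray);   // requires allowMultiQueries=true on the DSN
bumpViewCountsInList(hitArray);    // works with the driver's default settings
```

Whichever option is used, the rule from the answer still applies: once multiple statements are enabled on a datasource, every query sent through it must be parameterized, because any one unparameterized query on that datasource can now be made to execute an attacker-supplied second statement.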