将数据导出为 .sql 格式。如何逃脱?

发布于 2024-11-02 02:57:17 字数 173 浏览 3 评论 0原文

我正在编写一个导出工具,将输入的 json 数据转换为 sql 语句。

该工具(并且不应该)知道数据库连接,它应该只输出一个可与其他工具一起使用的 .sql 来进行实际导入。

大多数 mysqli->* 和 PDO 相关函数都依赖于开放连接(以确定字符集等内容)。解决这个问题有什么好的方法吗?

I'm writing an export tool that converts input json data to sql statements.

This tool is (and should not) be aware of database connections, it should just output a .sql that can be used with other tools do the actual import.

Most of the mysqli->* and PDO-related functions rely on an open connection (to determine things like the characterset). What's a good way to go about this?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

空心↖ 2024-11-09 02:57:17

MySQL 函数需要连接才能转义字符串的原因是所有 mysql_real_escape_string() 的作用是调用 MySQL 的内置转义函数。

但是,如果您阅读其手册页,您会发现它们确实列出了转义的字符:

mysql_real_escape_string() 调用 MySQL 的库函数 mysql_real_escape_string,该函数在以下字符前面添加反斜杠:\x00、\n、\r、\、'、" 和 \x1a。

您不想使用 addslashes() 因为这只转义了几个字符,并且不会提供安全的解决方案,但是您应该能够重新实现由以下方式完成的转义。 mysql_real_escape_string() 使用给定的字符列表,通过简单调用 strtr() 或类似的:

$replacements = array("\x00"=>'\x00',
                      "\n"=>'\n',
                      "\r"=>'\r',
                      "\\"=>'\\\\',
                      "'"=>"\'",
                      '"'=>'\"',
                      "\x1a"=>'\x1a');
$escaped = strtr($unescaped,$replacements);

The reason the MySQL functions require a connection in order to escape the string is that all mysql_real_escape_string() does is make a call to MySQL's built-in escaping function.

However, if you read the manual page for it, you'll see that they do list the characters which are escaped:

mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a.

You don't want to use addslashes() since that only escapes a few characters, and would not provide a secure solution. But you should be able to re-implement the escaping done by mysql_real_escape_string() using the list of characters given, with a simple call to strtr() or similar:

$replacements = array("\x00"=>'\x00',
                      "\n"=>'\n',
                      "\r"=>'\r',
                      "\\"=>'\\\\',
                      "'"=>"\'",
                      '"'=>'\"',
                      "\x1a"=>'\x1a');
$escaped = strtr($unescaped,$replacements);
音栖息无 2024-11-09 02:57:17

@斯特夫戈瑟林:
mysql_real_escape_string 确实需要连接。

我会选择阻力最小的路线。意味着使用系统调用来执行 mysqldumper >临时文件

@stefgosselin:
mysql_real_escape_string did require a connection.

I would go the line with least resistance. Means use a systemcall to exec mysqldumper > tmpfile

樱桃奶球 2024-11-09 02:57:17

只是一个想法,您的应用程序是否可以生成类似的 sql

INSERT INTO table1 (id, name) VALUES (?, ?);

并将一组 sql 参数作为数组传递

$parms = array('value1', 'value2');

,然后让应用程序中执行数据库工作的部分在此时进行转义

function writeToDb($sql, $parms) {
// do escaping here
}

just a thought, is it possible for you app to generate and sql like

INSERT INTO table1 (id, name) VALUES (?, ?);

and pass a set of paramaters for the sql as an array

$parms = array('value1', 'value2');

and then have the part of your app that does do database work do the escaping at that point

function writeToDb($sql, $parms) {
// do escaping here
}
绻影浮沉 2024-11-09 02:57:17

对于转义,mysql_real_escape_string 函数是此任务的通常选择,只不过它确实需要连接。另一种选择是addslashes

我会检查一个根据所需参数(字符集、删除表等)定制的 mysqldump 文件,并将其作为起点。

For escaping, mysql_real_escape_string function is the usual choice for this task except it does need a connection. The other alternative would be addslashes.

I would check out a mysqldump file tailored with the needed paramaters (character sets, drop tables, etc ..) and take it from there as a starting point.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文