各位!
我对编程还很陌生,我正在尝试编写一个引用两个独立表(Organisation和User)的SQL语句。我一直在寻找答案,但找不到任何有效的答案。
本声明的目的是在满足以下两个条件的情况下更新用户的状态;
- 用户的电子邮件、密码和激活码与数据库匹配
- 如果用户关联的组织已激活/批准
UPDATE User AS u
SET u.isActivated =
CASE
WHEN (
SELECT o.isApproved
FROM Organisation AS o
WHERE o.organisationId = (
SELECT u.organisationID
FROM User AS u
WHERE u.email = " + email +"))
= 'true' THEN 'true'
ELSE 'false'
WHERE u.email = " + email + "
AND u.password = " + password + "
AND u.activationCode = " + activationCode + ";
在UPDATE语句中使用FROM连接表:
UPDATE User AS u
SET u.isActivated = (o.isApproved = TRUE) -- will be TRUE or FALSE
FROM
Organisation AS o
WHERE
u.organisationID = o.organisationId
AND u.email = " + email + "
AND u.password = " + password + "
AND u.activationCode = " + activationCode + ";
离题,但非常重要:这段SQL闻起来像是SQL注入的机会,您正在创建一个将作为SQL执行的字符串。我真的希望你能控制自己的安全,并使用一种安全的方法将变量放入SQL 中