gpt4 book ai didi

php - 无法使用 PDO 和 PHP 删除带有 bindParam 的表

转载 作者:行者123 更新时间:2023-11-29 03:06:22 26 4
gpt4 key购买 nike

例如这很好用:

$dropTable = $dbConnection->prepare('DROP TABLE IF EXISTS announcements');
$dropTable->execute();

$createTable = $dbConnection->prepare('CREATE TABLE announcements(
id MEDIUMINT NOT NULL AUTO_INCREMENT,
announcements TEXT NOT NULL,
PRIMARY KEY (id))');
$createTable->execute();

但这失败了:

$dropTable = $dbConnection->prepare('DROP TABLE IF EXISTS :tableToDrop');
$dropTable->bindParam(':tableToDrop', $_GET['table']);
$dropTable->execute();

$createTable = $dbConnection->prepare('CREATE TABLE announcements(
id MEDIUMINT NOT NULL AUTO_INCREMENT,
announcements TEXT NOT NULL,
PRIMARY KEY (id))');
$createTable->execute();

有错误:

Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]:   
Syntax error or access violation: 1064 You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the right
syntax to use near '?' at line 1' in xxxx/createTables.php:9
Stack trace: #0 xxxxx/createTables.php(9):
PDO->prepare('DROP TABLE IF E...') #1 {main} thrown in xxxx/createTables.php on line 9

我敢肯定这是微不足道的事情,但我已经研究了几个小时了。干杯。

编辑:原来你不能bindParam with a table name .有没有办法用动态表名做一个安全的准备好的语句?

最佳答案

安全的方式(你应该使用它,如果你写的东西可以工作的话):

$t=array('t1'=>'t1','t2'=>'t2'....'tn'=>'tn');

$sql = "drop table {$t[$_GET['table']]} ..."

关于php - 无法使用 PDO 和 PHP 删除带有 bindParam 的表,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/14553157/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com