gpt4 book ai didi

php - 错误 "Check the manual that corresponds to your MySQL server version for the right syntax to use near"

转载 作者:行者123 更新时间:2023-11-29 12:25:39 24 4
gpt4 key购买 nike

我正在尝试执行 SELECT从我的数据库中,但我收到错误,但我不明白为什么。我所能告诉的是,它似乎在prepare()处失败了。陈述。任何帮助将不胜感激。

$sQuery =  "SELECT * FROM ? WHERE `email` = ? AND `password` = ?";
$sTypes = "sss";
$aParams = array("user", "john.doe@missing.com", "password");

上面是查询和bind_param值。

function conn($sQuery, $sTypes=null, $aParams=null){
$sMessage = '';
$db = new mysqli('localhost','root','','myvyn') or die('unable to connect!');
if($db->connect_errno){
$message = $db->connect_error;
} else{
$stmt = $db->stmt_init();
if (!($stmt->prepare($sQuery))) {
var_dump("Prepare failed: (" . $stmt->errno . ") " . $stmt->error);
}
if($sTypes&&$aParams){
$bindParams[] = $sTypes;
foreach($aParams as $param){
$bindParams[] = $param;
}
call_user_func_array(array($stmt, 'bind_param'), $bindParams);
}
$stmt->execute();
$oResult = $stmt->get_result();
while($rows = $oResult->fetch_assoc()){
$aRows[] = $rows;
}
$oResult->free();
$db->close();
return $aRows;
}
}

最佳答案

您不能使用表名称参数,如 here (我的粗体):

The markers are legal only in certain places in SQL statements. For example, they are allowed in the VALUES() list of an INSERT statement (to specify column values for a row), or in a comparison with a column in a WHERE clause to specify a comparison value.

However, they are not allowed for identifiers (such as table or column names), in the select list that names the columns to be returned by a SELECT statement, or to specify both operands of a binary operator such as the = equal sign. The latter restriction is necessary because it would be impossible to determine the parameter type. It's not allowed to compare marker with NULL by ? IS NULL too. In general, parameters are legal only in Data Manipulation Language (DML) statements, and not in Data Definition Language (DDL) statements.

假设您控制表名(因此 SQL 注入(inject)是不可能的),您可以使用如下内容:

$sQuery =  "SELECT * FROM $tblname WHERE `email` = ? AND `password` = ?";

然后只绑定(bind)电子邮件地址和密码。

关于php - 错误 "Check the manual that corresponds to your MySQL server version for the right syntax to use near",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/28356844/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com