When I am using a PDO prepared statement, and use it to plug in a table name to the query it fails, a quick example:
开发者_如何学JAVA$stmt = $dbh->prepare("CREATE TABLE ? (id foo, int bar,...)");
$stmt->execute(Array('table_foobar'));
All it does is replaces ?
with 'table_foobar'
, the single quotes don't allow creation of the table for me!
I end up needing to do a sprintf
on TOP of the prepared statement to add in a predefined table name.
What on earth am I missing here?
I can find nothing clear in the manual, but looking at the User Contributed Notes, the use of parameters is intended for actual values only, not table names, field names etc.
Normal string concatenation should (and can) be used.
$tablename = "tablename";
$stmt = $dbh->prepare("CREATE TABLE `$tablename` (id foo, int bar,...)");
If you are creating a table dynamically, that most likely means you do not understand relational database ideology and as a result doing something wrong.
Just create all the tables at application setup from ready made dump and do not create any tables at runtime.
No need to use dynamic table name at all.
精彩评论