
Where is the mysqli prepared statement query error?

I'm trying to create a mysqli prepared statement where I import tables from an odbc connected database into a mysql database, I'm getting this error with 106-column wide table query.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? (ID, column1, column2, column3, column4, ' at line 1"

When I echo out the query here it is...

INSERT INTO ? 插入 ? (ID, column1, column2, column3, column4, ...106 total columns... ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) (ID,column1,column2,column3,column4,... 106总列...)值(?,?,?,?,?,?,?,?,?,?,?,?,?,? ,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,? ,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,? ,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,? ,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)

$sql = "SELECT * FROM $table WHERE $key = '$acct'";
$link = getODBCConnection();
$result = odbc_do($link, $sql);
$data = array();
while ($row = odbc_fetch_array($result)) { 
        //store all query rows as array
        array_push($data, $row);
}   
//insert into mysql table of the same name
//get column count from first row
$columns = count($data[0]);
$params = str_repeat(" ?,",$columns);
$params = rtrim($params,',');
$types = str_repeat("s",$columns+1);
$fields = implode(", ", array_keys($data[0]));
$sql = "INSERT INTO ? ($fields) VALUES ($params) ON DUPLICATE KEY UPDATE";
echo $sql."<br>";
$link = getSalesConnection();
$stmt = $link->prepare($sql);
var_dump($link->error);
foreach ($data as $row) {
        $stmt->bind_param($types, $table, implode(", ",array_values($row)));
        $stmt->execute();
}  

I've tried this using standard bind_param and also using the call_user_func_array() method. I've tried quoting my parameter strings and the column names, without effect. If there was an error with my bind_param types I should not have an error on the prepare statement, should I? But there is some problem with the SQL going to the prepare command that I can't pinpoint. Please help!

Query parameters can be used in place of scalar values only. You can't parameterize table names, column names, SQL expressions, keywords, lists of values, etc.

  • WRONG: SELECT ?, b, c FROM t WHERE a = 1 ORDER BY b ASC
    The parameter value will be a literal value, not the name of a column.

  • WRONG: SELECT a, b, c FROM ? WHERE a = 1 ORDER BY b ASC
    Syntax error.

  • WRONG: SELECT a, b, c FROM t WHERE ? = 1 ORDER BY b ASC
    The parameter value will be a literal value, not the name of a column.

  • WRONG: SELECT a, b, c FROM t WHERE a IN (?) ORDER BY b ASC
    The parameter value will be a single literal value, not a list of values, even if you pass a string of comma-separated values.

  • WRONG: SELECT a, b, c FROM t WHERE a = 1 ORDER BY ? ASC
    The parameter value will be a literal value, not the name of a column.

  • WRONG: SELECT a, b, c FROM t WHERE a = 1 ORDER BY b ?
    Syntax error.

Basically if you could write a string literal, date literal, or numeric literal in place of the query parameter, it should be okay. Otherwise you have to interpolate the dynamic content into the SQL string before you prepare() it.

It looks as though the bind_param() function does not replace the very first '?' that defines the table name. Try manually putting the table name into the prepared string first and only use '?' markers where it is expecting values.
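
As an added example (not code from either poster): because the table and column names have to be interpolated into the SQL string before prepare(), they should be checked first, with `?` kept for values only. The `ALLOWED_TABLES` list, the function names and the sample row are assumptions, and `col = VALUES(col)` is one way to complete the `ON DUPLICATE KEY UPDATE` clause that the question's query leaves empty.

```php
<?php
// Added example; the allowlist, function names and sample row are constructed.
const ALLOWED_TABLES = ['customers', 'orders']; // hypothetical allowlist

function quoteIdentifier(string $name): string
{
    // Identifiers cannot be bound, so accept only plain names, then backtick-quote.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        throw new InvalidArgumentException("Illegal identifier: $name");
    }
    return '`' . $name . '`';
}

function buildUpsert(string $table, array $columns): string
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("Table not allowed: $table");
    }
    $quoted = array_map('quoteIdentifier', $columns);
    $placeholders = implode(', ', array_fill(0, count($columns), '?'));
    $updates = implode(', ', array_map(fn($c) => "$c = VALUES($c)", $quoted));
    return 'INSERT INTO ' . quoteIdentifier($table)
        . ' (' . implode(', ', $quoted) . ") VALUES ($placeholders)"
        . " ON DUPLICATE KEY UPDATE $updates";
}

function importRows(mysqli $link, string $table, array $rows): void
{
    if ($rows === []) {
        return;
    }
    $columns = array_keys($rows[0]);
    $stmt = $link->prepare(buildUpsert($table, $columns));
    if ($stmt === false) {
        throw new RuntimeException($link->error);
    }
    $types = str_repeat('s', count($columns)); // one type letter per '?'
    foreach ($rows as $row) {
        $values = array_values($row);
        $stmt->bind_param($types, ...$values); // one bound variable per '?'
        $stmt->execute();
    }
}

// Constructed sample row: prints the generated SQL without needing a database.
$rows = [['ID' => '7', 'column1' => 'a', 'column2' => 'b']];
echo buildUpsert('customers', array_keys($rows[0])), PHP_EOL;
```

Calling `importRows()` needs a live mysqli connection; `buildUpsert()` on its own shows that the only `?` markers left in the statement are value placeholders.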
