[英]Can I create a MYSQL table using a PDO parameterized statement?
I wish to create a MySQL table using PHP and PDO. 我希望使用PHP和PDO创建一个MySQL表。 I also wish to parameterize the table name. 我也希望参数化表名。 I have already attempted to implement this and the code, with errors, is shown below. 我已经尝试实现这一点,下面显示了有错误的代码。
class databaseaccess {
public $hostname = 'localhost';
public $username = 'root';
public $password = 'root';
private $db = null;
public $rows;
public function __construct() {
try {
$this->db = new PDO("mysql:host=$hostname;dbname=noteshareproject", $this->username, $this->password);
}
catch (PDOException $Exception) {
throw new Exception("DB failed to connect ".$Exception->getMessage());
}
}
public function writetable($title,$id){
if ($this->db === null) throw new Exception("DB is not connected");
//query works with `:title` however keeps the commas. Gotta find out what is wrong.
$query = "CREATE TABLE noteshareproject.:title (id INT NOT NULL AUTO_INCREMENT, PRIMARY KEY(id), username VARCHAR(20)) ENGINE=myISAM;";
$statement = $this->db->prepare($query);
$title = $title . $id;
$title = (string) $title;
$statement->bindValue(':title', $title, PDO::PARAM_STR);
$statement->execute();
print_r($statement->errorInfo());
echo $title;
}
}
The output of the above code is as follows: 上面代码的输出如下:
Array
(
[0] => 42000
[1] => 1064
[2] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''exampletablename'(id INT NOT NULL AUTO_INCREMENT, PRIMARY KEY(id), username VARCHAR(20)) EN' at line >2
)
exampletablename
What have I done wrong in my MySQL syntax or PDO implementation? 我在MySQL语法或PDO实现中做错了什么?
You cannot use placeholders in prepared statements for identifiers (column/table/database/function names etc). 您不能在准备好的语句中使用占位符作为标识符(列/表/数据库/函数名称等)。 You can only use them for values. 您只能将它们用作值。
CREATE TABLE noteshareproject.:title
// ^^^^^^ this will not work
You will have to manually sanitise $title
so it can be used directly in the string if you want to do this. 您将必须手动清理$title
以便您可以直接在字符串中使用它。
Note also that a DDL statement such as CREATE TABLE
cannot be prepared, so there is no point in using prepare()
. 还请注意,无法准备DDL语句(例如CREATE TABLE
,因此使用prepare()
没有意义。 You might as well just use query()
or exec()
. 您也可以只使用query()
或exec()
。
I do also wonder if the fact that you want to do this at all is an indicator of poor database design - it is unlikely that a requirement for multiple tables of identical structure is a proper way to store your information, although without knowing more about your application it is impossible to say for sure. 我也确实想知道您是否真的想这样做表明数据库设计不佳-尽管对您的信息一无所知,但对多个具有相同结构的表的要求不太可能是存储信息的正确方法应用程序无法肯定地说。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.