
PHP mysqli prepared insert statement fails

Here is the code. $fieldNamesA and $fieldValsA are created in a foreach loop from POST variables:

$fieldNamesS = implode(',',$fieldNamesA);
$fieldValsS = implode(',',$fieldValsA);
$mysqli = new mysqli('localhost', 'user', 'pw', 'db');
mysqli_report(MYSQLI_REPORT_ALL);

$stmt = $mysqli->prepare('INSERT INTO users (?) VALUES (?)');
if ($stmt === FALSE) {
    die ("Mysql Error: " . $mysqli->error);
}
$stmt->bind_param('ss', $fieldNamesS,$fieldValsS);
$stmt->execute();
printf("%d Row inserted.\n", $stmt->affected_rows);

/* close statement and connection */
$stmt->close();

Here are error msgs:

Fatal error: Uncaught exception 'mysqli_sql_exception' with message 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?) VALUES (?)' at line 1' in userreg.php:47
Stack trace:
#0 userreg.php(47): mysqli->prepare('INSERT INTO use...')
#1 {main}
  thrown in /userreg.php on line 47

I don't understand why it is complaining that there is something wrong with my insert statement. If I hardcode the column/field names, I get an error that the number of columns does not match the number of values, which is not correct. I var_dumped the variables just to make sure and they have the same number of parameters.

I don't think you can use placeholders for the column names with PHP Mysqli.

Check out this answer which talks about a PHP class I wrote to extend the mysqli class. It will save you some time and it also does all the automatic placeholder bindings.

better_mysqli class

You need to provide the names of the fields on the left side of VALUES then you need one ? for each of the values:

INSERT INTO some_table (some, columns) VALUES (?, ?)

EDIT

You cannot have placeholders in the column list. See http://php.net/manual/en/mysqli.prepare.php

The markers are legal only in certain places in SQL statements. For example, they are allowed in the VALUES() list of an INSERT statement (to specify column values for a row), or in a comparison with a column in a WHERE clause to specify a comparison value.

However, they are not allowed for identifiers (such as table or column names), in the select list that names the columns to be returned by a SELECT statement, or to specify both operands of a binary operator such as the = equal sign...
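Since the column list in the question is built from POST field names and cannot be bound, it has to be checked against a fixed list before it goes into the SQL text. The following is an added example, not code from the question or the answers; the column names in USER_COLUMNS, the helper names buildInsert and insertRow, and the sample input are assumptions made for illustration.

```php
<?php
// Added example: identifiers come from an allowlist, values go through placeholders.
const USER_COLUMNS = ['username', 'email', 'city']; // hypothetical columns of `users`

/**
 * Build "INSERT INTO `t` (`a`,`b`) VALUES (?,?)" from untrusted field => value input.
 * $table must be a constant chosen in code, never taken from the request.
 * Returns [sql, values]; any key outside the allowlist is rejected.
 */
function buildInsert(string $table, array $allowed, array $input): array
{
    $cols = [];
    $vals = [];
    foreach ($input as $name => $value) {
        if (!in_array($name, $allowed, true)) {
            throw new InvalidArgumentException('Unexpected field: ' . var_export($name, true));
        }
        if (!is_scalar($value)) { // e.g. city[]=x arrives as an array
            throw new InvalidArgumentException("Non-scalar value for $name");
        }
        $cols[] = "`$name`";
        $vals[] = (string) $value;
    }
    if ($cols === []) {
        throw new InvalidArgumentException('No fields to insert');
    }
    // One "?" per value, so the column count and marker count always match.
    $marks = implode(',', array_fill(0, count($cols), '?'));
    return ["INSERT INTO `$table` (" . implode(',', $cols) . ") VALUES ($marks)", $vals];
}

function insertRow(mysqli $db, string $table, array $allowed, array $input): int
{
    [$sql, $vals] = buildInsert($table, $allowed, $input);
    $stmt = $db->prepare($sql);
    $stmt->bind_param(str_repeat('s', count($vals)), ...$vals); // one type char per value
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

// Constructed sample standing in for $_POST; runs without a database.
$post = ['username' => 'alice', 'email' => 'alice@example.test', 'city' => "O'Hare"];
[$sql, $vals] = buildInsert('users', USER_COLUMNS, $post);
echo $sql, "\n", count($vals), " values to bind\n";
```

With a live connection, insertRow($mysqli, 'users', USER_COLUMNS, $_POST) performs the insert; the quote in the sample city value needs no escaping because it is bound, not concatenated.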
