stackoom
  简体   繁体   中英

PDO MySQL prepared INSERT syntax error

 原文  2017-08-06 20:39:21       php/ mysql/ sql/ pdo/ syntax-error

Question

Have seen tons of similar questions but still can't find out what's going on.

I'm using PHP's PDO to prepare a statement like that: 

try{
    $statement = $db->prepare("INSERT INTO $date (name, surname, email, phone, comment) VALUES (:name, :surname, :email, :phone, :comment)");
    $statement->bindParam(':name', $name);
    $statement->bindParam(':surname', $surname);
    $statement->bindParam(':email', $email);
    $statement->bindParam(':phone', $phone);
    $statement->bindParam(':comment', $comment);

    $statement->execute();
}
catch(PDOException $e){
    die("Connection to database failed: " . $e->getMessage());
}

Have tried escaping everything with [] and specifying the database name before table name, but keep getting 

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in 
your SQL syntax; check the manual that corresponds to your MySQL server 
version for the right syntax to use near '2017-08-11 (name, surname, email, 
phone, comment) VALUES ('Test', 'Test', 'Test@' at line 1

3 answers

solution1
 5 ACCPTED  2017-08-06 20:42:53

INSERT INTO $date

It seems that there is a 2017-08-11 in $date var.

If you want to insert data into '2017-08-11' table, it should be escaped with ` symbol 

try{
    $statement = $db->prepare("INSERT INTO `$date` (name, surname, email, phone, comment) VALUES (:name, :surname, :email, :phone, :comment)");
    $statement->bindParam(':name', $name);
    $statement->bindParam(':surname', $surname);
    $statement->bindParam(':email', $email);
    $statement->bindParam(':phone', $phone);
    $statement->bindParam(':comment', $comment);

    $statement->execute();
}
catch(PDOException $e){
    die("Connection to database failed: " . $e->getMessage());
}

solution2
 2  2017-08-06 20:43:00

假设2017-08-11是表名,只需将其用反引号括起来即可。 

    $statement = $db->prepare("INSERT INTO `$date` (name, surname, email, phone, comment) VALUES (:name, :surname, :email, :phone, :comment)");

solution3
 -1  2017-08-06 20:52:27

sorry but you can't use special character when using the prepare statement, so what MySQL is actually seeing is INSERT INTO $date (name, surname, email, phone, comment) VALUES (:name, :surname, :email, :phone, :comment) which will trigger a syntax error.

here is a quick solution 

 try{
$db->query("INSERT INTO $date (name, surname, email, phone, comment) VALUES ($name, $surname, $email, $phone, $comment)");

}
catch(PDOException $e){
    die("Connection to database failed: " . $e->getMessage());
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Syntax error with PDO Prepared statements PHP PDO insert into MySQL error SQL syntax Error in my prepared pdo insert statements Using PDO prepared statements MySQL error Syntax for if/else statement if insert was successful in a PDO prepared statement PDO INSERT INTO prepared array MySQL syntax error with PDO query How to insert an array into a single MySQL Prepared statement w/ PHP and PDO Using $_POST to insert into MySQL db w/ PDO Prepared Statements how insert mutiple recored in mysql with pdo prepared statment?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM