Created
November 6, 2014 07:48
-
-
Save smichaelsen/7e50851622cbcffade71 to your computer and use it in GitHub Desktop.
PDO: prepared statement problem
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $dbhost = '127.0.0.1'; | |
| $dbname = 'dname'; | |
| $dbuser = 'dbuser'; | |
| $dbpass = '123'; | |
| $dsn = sprintf('mysql:host=%s;dbname=%s', $dbhost, $dbname); | |
| $connection = new \PDO($dsn, $dbuser, $dbpass); | |
| $sql = 'DELETE FROM :table'; | |
| $statement = $connection->prepare($sql); | |
| $result = $statement->execute([':table' => 'user']); | |
| var_dump($result); // boolean false | |
| var_dump($statement->errorInfo()); | |
| /* | |
| array (size=3) | |
| 0 => string '42000' (length=5) | |
| 1 => int 1064 | |
| 2 => string 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''user'' at line 1' (length=153) | |
| */ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Solution: It seems the table name is not allowed to be a prepared statement parameter