PHP PDO 准备的查询拒绝正确执行 - 转义问题？

发布于 2024-07-25 22:48:55 字数 931 浏览 3 评论 0原文

我在使用 PDO 在 PHP 中准备的查询时遇到问题。代码：

$link = new PDO("mysql:dbname=$dbname;host=127.0.0.1",$username,$password);
$link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$query = $link->prepare("SELECT locality_name FROM :passedday GROUP BY locality_name ORDER BY locality_name DESC");
$query->bindParam(":passedday",$day); //Where day is, well, a day passed to the script elsewhere
$query->execute();
$result = $query->fetchAll();
$link = null;
//Do things with the $result.

我收到的错误消息是：

SQLSTATE[42000]: 语法错误或访问冲突: 1064 您的 SQL 语法有错误；检查与您的 MySQL 服务器版本相对应的手册，了解在第 1 行的 ''05_26_09' GROUP BY locality_name ORDER BY locality_name DESC' 附近使用的正确语法

当我直接在服务器上执行查询时，它返回适当的结果集，没有任何问题。有什么想法我做错了吗？

TIA。

编辑：

$day 作为 GET 参数传递。因此，http://127.0.0.1/day.php?day=05_26_09 会导致 $day = $_GET['day'];。

原文

I'm having a problem with a query prepared in PHP with PDO. The code:

$link = new PDO("mysql:dbname=$dbname;host=127.0.0.1",$username,$password);
$link->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$query = $link->prepare("SELECT locality_name FROM :passedday GROUP BY locality_name ORDER BY locality_name DESC");
$query->bindParam(":passedday",$day); //Where day is, well, a day passed to the script elsewhere
$query->execute();
$result = $query->fetchAll();
$link = null;
//Do things with the $result.

The error message I am getting is:

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''05_26_09' GROUP BY locality_name ORDER BY locality_name DESC' at line 1

When I execute the query on the server directly, it returns the appropriate result set without any problem. Any ideas what I'm doing wrong?

TIA.

Edit:

$day is passed as a GET argument. So, http://127.0.0.1/day.php?day=05_26_09 leads to $day = $_GET['day'];.

分享到QQ

分享到微博