PHP - Prepared statement error, what's gone wrong?
So here's the code block:
$query = "UPDATE users SET ?=? WHERE ?=?";
$type = "s";
$type .= substr(gettype($valname), 0, 1);
$type .= 'i';
if ( $smtp = $this->conn->prepare($query) )
{
    $smtp->bind_param($type, $colname, $valname, 'id', 40);
    $smtp->execute();
    $smtp->close();
}else
{
    return $this->conn->error;
}
For some reason it refuses to bind the parameters, and it gives me this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?=? WHERE ?=?' at line 1
If I add backticks ( ` ) or single quotes ( ' ) around the question marks I get this error instead:
Unknown column '?' in 'where clause'
Any ideas what's gone wrong? I've been sitting here for hours playing with it, god it's frustrating!!
Thanks a bunch!
Comments (2)
As far as I know, you can only use ? placeholders for the condition, not for table/field names.
See: http://php.net/manual/en/pdo.prepared-statements.php
I do not think you can define the column dynamically in a prepared statement, only values, as these are escaped etc. You will need to put the column name in the $query string; if it comes from an unknown source, make sure you filter it and validate it.
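
One way to apply the advice in both answers, as an added example that is not part of the original thread: the column name is checked against a fixed allowlist and interpolated, and only the two values are bound. The `users` table and `id` column come from the question; the allowlist entries and function names are assumptions for illustration.

```php
<?php
// Added example, not code from the original thread.
// Assumption: these are the columns of `users` that callers may update (hypothetical names).
const UPDATABLE_USER_COLUMNS = ['email', 'display_name', 'age'];

// Returns the UPDATE statement for one allowlisted column.
// A column name is an identifier, so it cannot be sent as a ? parameter;
// it is compared against a fixed list and only then placed in the SQL text.
function buildUserUpdateSql(string $colname): string
{
    if (!in_array($colname, UPDATABLE_USER_COLUMNS, true)) {
        throw new InvalidArgumentException("Column not allowed: $colname");
    }
    return "UPDATE users SET `$colname` = ? WHERE id = ?";
}

// Runs the update through mysqli; only the new value and the row id are bound.
function updateUserColumn(mysqli $conn, string $colname, $value, int $id): bool
{
    $stmt = $conn->prepare(buildUserUpdateSql($colname));
    if ($stmt === false) {
        throw new RuntimeException($conn->error);
    }
    // One type letter per bound parameter: the value, then the integer id.
    $types = (is_int($value) ? 'i' : (is_float($value) ? 'd' : 's')) . 'i';
    // bind_param() takes its arguments by reference, so pass variables, not literals.
    $stmt->bind_param($types, $value, $id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed inputs: one allowlisted column and one string that is not a column name.
foreach (['email', 'email` = ?, `other'] as $candidate) {
    try {
        echo buildUserUpdateSql($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The loop at the end runs without a database; `updateUserColumn()` needs an open `mysqli` connection such as the question's `$this->conn`.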