PDO 可否在 SQL 語句中使用 表名参数?????????????下面的語句中,第三个测试无法通过,,得到的 $stmt 是空指针$this->stmt = $this->pdo->prepare('SELECT * FROM GLYPH_PMINGLIU;');
if ($this->stmt == null) echo 'AAAAAAAAAA'; else echo 'BBBBBBBBB';
$this->stmt = $this->pdo->prepare('INSERT INTO GLYPH_PMINGLIU VALUES(:d,:unicodeChar);');
if ($this->stmt == null) echo 'CCCCCCCCC'; else echo 'DDDDDDDDD';
$this->stmt = $this->pdo->prepare('INSERT INTO :tableName VALUES(:d,:unicodeChar);');
if ($this->stmt == null) echo 'EEEEEEEE'; else echo 'FFFFFFFFFF';
if ($this->stmt == null) echo 'AAAAAAAAAA'; else echo 'BBBBBBBBB';
$this->stmt = $this->pdo->prepare('INSERT INTO GLYPH_PMINGLIU VALUES(:d,:unicodeChar);');
if ($this->stmt == null) echo 'CCCCCCCCC'; else echo 'DDDDDDDDD';
$this->stmt = $this->pdo->prepare('INSERT INTO :tableName VALUES(:d,:unicodeChar);');
if ($this->stmt == null) echo 'EEEEEEEE'; else echo 'FFFFFFFFFF';
楼主的方法不是太对,参考手册,注意"?"占位符的使用:mysqli::prepare
mysqli_prepare
(PHP 5)mysqli::prepare -- mysqli_prepare — Prepare an SQL statement for execution说明
面向对象风格mysqli_stmt mysqli::prepare ( string $query )
过程化风格mysqli_stmt mysqli_prepare ( mysqli $link , string $query )
Prepares the SQL query, and returns a statement handle to be used for further operations on the statement. The query must consist of a single SQL statement. The parameter ers must be bound to application variables using mysqli_stmt_bind_param() and/or mysqli_stmt_bind_result() before executing the statement or fetching rows. 参数link
仅以过程化样式:由 mysqli_connect() 或 mysqli_init() 返回的链接标识。query
The query, as a string. Note: You should not add a terminating semicolon or \g to the statement.
This parameter can include one or more parameter ers in the SQL statement by embedding question (?) characters at the appropriate positions. Note: The ers are legal only in certain places in SQL statements. For example, they are allowed in the VALUES() list of an INSERT statement (to specify column values for a row), or in a comparison with a column in a WHERE clause to specify a comparison value. However, they are not allowed for identifiers (such as table or column names), in the select list that names the columns to be returned by a SELECT statement, or to specify both operands of a binary operator such as the = equal sign. The latter restriction is necessary because it would be impossible to determine the parameter type. It's not allowed to compare er with NULL by ? IS NULL too. In general, parameters are legal only in Data Manipulation Language (DML) statements, and not in Data Definition Language (DDL) statements. 返回值
mysqli_prepare() returns a statement object or FALSE if an error occurred. 范例
Example #1 mysqli::prepare() example面向对象风格<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}$city = "Amersfoort";/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT District FROM City WHERE Name=?")) { /* bind parameters for ers */
$stmt->bind_param("s", $city); /* execute query */
$stmt->execute(); /* bind result variables */
$stmt->bind_result($district); /* fetch value */
$stmt->fetch(); printf("%s is in district %s\n", $city, $district); /* close statement */
$stmt->close();
}/* close connection */
$mysqli->close();
?>
过程化风格<?php
$link = mysqli_connect("localhost", "my_user", "my_password", "world");/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}$city = "Amersfoort";/* create a prepared statement */
if ($stmt = mysqli_prepare($link, "SELECT District FROM City WHERE Name=?")) { /* bind parameters for ers */
mysqli_stmt_bind_param($stmt, "s", $city); /* execute query */
mysqli_stmt_execute($stmt); /* bind result variables */
mysqli_stmt_bind_result($stmt, $district); /* fetch value */
mysqli_stmt_fetch($stmt); printf("%s is in district %s\n", $city, $district); /* close statement */
mysqli_stmt_close($stmt);
}/* close connection */
mysqli_close($link);
?>
以上例程会输出:Amersfoort is in district Utrecht
换一种思考,使用一个设计模式
自己写一个 pdo的 dbhelper类
http://php.net/manual/en/mysqli.prepare.php