
Newbie question about implementing prepared statements

Why will the first snippet of code not work with prepared
statements, while the second example works fine?

$table_name = 'my_table';
$query = 'SELECT * FROM ?';
if ($stmt->prepare($query)) {
    $stmt->bind_param('s', $table_name);
    $stmt->execute();
}

//------------------------------------------------------------------------------

$id = 100;
$query = 'SELECT * FROM my_table WHERE id = ?';
if ($stmt->prepare($query)) {
    $stmt->bind_param('i', $id);
    $stmt->execute();
}

Many thanks for any insight.
Jun 27 '08 #1
2 Replies


clumsy_ninja wrote:
> Why will the first snippet of code not work with prepared
> statements, while the second example works fine?
>
> $table_name = 'my_table';
> $query = 'SELECT * FROM ?';
> if ($stmt->prepare($query)) {
>     $stmt->bind_param('s', $table_name);
>     $stmt->execute();
> }
>
> //------------------------------------------------------------------------------
>
> $id = 100;
> $query = 'SELECT * FROM my_table WHERE id = ?';
> if ($stmt->prepare($query)) {
>     $stmt->bind_param('i', $id);
>     $stmt->execute();
> }
>
> Many thanks for any insight.

You can't set a table name in a prepared statement - only values.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Jun 27 '08 #2

[crossposted to the right group and follow-up set]

On Mon, 23 Jun 2008 11:20:29 -0700 (PDT), clumsy_ninja wrote:
> Why will the first snippet of code not work with prepared
> statements, while the second example works fine?
>
> $table_name = 'my_table';
> $query = 'SELECT * FROM ?';
> if ($stmt->prepare($query)) {
>     $stmt->bind_param('s', $table_name);
>     $stmt->execute();
> }
>
> //------------------------------------------------------------------------------
>
> $id = 100;
> $query = 'SELECT * FROM my_table WHERE id = ?';
> if ($stmt->prepare($query)) {
>     $stmt->bind_param('i', $id);
>     $stmt->execute();
> }
>
> Many thanks for any insight.

"Parameter markers can be used only where data values should appear, not
for SQL keywords, identifiers, and so forth."

http://dev.mysql.com/doc/refman/5.0/en/sqlps.html

--
22. No matter how tempted I am with the prospect of unlimited power, I will
not consume any energy field bigger than my head.
--Peter Anspach's list of things to do as an Evil Overlord
Jun 27 '08 #3
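
Added example, not part of the original thread: since a ? marker can only stand for a data value, a variable table name has to be checked against a fixed allow-list before it goes into the SQL text, while the id is still bound as a parameter. The ALLOWED_TABLES list, the archive_table name and both function names are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: the only tables this code may ever query.
const ALLOWED_TABLES = ['my_table', 'archive_table'];

/**
 * Build the SQL text. The table name is an identifier, so it cannot be a
 * "?" marker; it is accepted only on an exact match against the allow-list.
 * The id stays a "?" marker and is bound later as data.
 */
function build_select_by_id(string $table): string
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('Table not allowed');
    }
    // After the strict match, $table is one of our own constants.
    return "SELECT * FROM `{$table}` WHERE id = ?";
}

/**
 * Run the query with mysqli. $db is an already connected mysqli handle;
 * get_result() needs the mysqlnd driver.
 */
function fetch_by_id(mysqli $db, string $table, int $id): array
{
    $stmt = $db->prepare(build_select_by_id($table));
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('i', $id);   // value: bound, never concatenated
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Constructed inputs, no database needed: show which names are accepted.
foreach (['my_table', 'my_table, users', 'users'] as $candidate) {
    try {
        echo build_select_by_id($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($candidate), PHP_EOL;
    }
}
```

Only the first constructed name yields SQL text; the other two are rejected before any statement is prepared.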
