ใช้ bindParam pdo หรือ sprintf ใน php


หน้าแรก PHP MySQL เกร็ดความรู้ ใช้ bindParam pdo หรือ sprintf ใน php
You`re trying to bind a table name, not a parameter. I`m not sure you can actually do that.

bindParam works by binding question-mark holders or named parmeters, not a table name.


  Code
$sth = $dbh->prepare(`SELECT name, colour, calories
FROM fruit
WHERE calories < ? AND colour = ?`);
$sth->bindParam(1, $calories, PDO::PARAM_INT);
$sth->bindParam(2, $colour, PDO::PARAM_STR, 12);
$sth->execute();


If you`re just looking into placeholder "replacement" you can just use sprintf, but be careful since if you`ll be doing anything fishy or stupid (like accepting the table name from an external source), it might be leaky.

For example:


  Code
$theQ = "SELECT * FROM `%s` LEFT JOIN `%s` ON `%s` = `%s`";
$runQ = sprintf($theQ, `one`, `two`, `three`, `four`);



ขึ้นไปด้านบน