1

When using the below command

$query=$comm->prepare("DELETE FROM ? WHERE id = ?");

I am receiving the following error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? WHERE id = ?' at line 1

if i remove ? and replace it with table name the code is working properly. Please Help

4

2 回答 2

2

Table names cannot be parametrized. Since you supply the table name, and not the user (right?), it should be safe to concatenate/interpolate normally.

于 2012-12-25T10:34:22.367 回答
2

? is used for parameters, which can change. Why are you using ? for the table name? It remains constant.

于 2012-12-25T10:34:27.203 回答