0

in a function to truncate a table I can use

$stmt = $mysqli->prepare("truncate table packed_items");

and $stmt is set to a mysqli_stmt Object, but
if I try

$stmt = $mysqli->prepare("truncate table ?");

then $stmt is set to null and the statment: 

$stmt->bind_param("s", $mytable)

will crash with error
Call to a member function bind_param() on a non-object in

I am using parameterized prepared statements to select,insert and update with no problem.

4

1 回答 1

1

您不能绑定任何 SQL 文字,但只能绑定数据之一。没有关键字,没有运算符,没有标识符。

如果您确实需要动态截断您的表,并且不知道名称(因为随机截断表显然是非常糟糕的设计的标志),请根据白名单检查表名,正确格式化,然后插入查询字符串。

于 2013-07-25T10:24:25.357 回答