我一直盯着这段代码,我可以弄清楚它为什么不起作用。
$dbh = dbCon(); // CONNECT TO DATABASE THROUGH FUNCTION
$sth = $dbh->prepare("SELECT * FROM ? WHERE ? = ?");
$sth->execute(array($var1, $var2, $var3));
$sth->fetch(PDO::FETCH_OBJ);
当我用第二行替换:
$sth = $dbh->prepare("SELECT * FROM clientDetails WHERE clientID = 1");
一切正常但是当我将var1,2,3设置为它们时它不想工作并抛出以下错误:
致命错误:带有消息'SQLSTATE [42000]的未捕获异常'PDOException': 语法错误或访问冲突:1064 SQL中有错误 句法;查看与MySQL服务器版本对应的手册 在''clientDetails'附近使用正确的语法WHERE'clientID'= /home/cms/functions/functions.php:142第1行'1''堆栈跟踪: 0 /home/cms/functions/functions.php(142):PDOStatement->执行(数组)#1 /home/cms/functions/functions.php(470):returnData()#2 {main}抛出 在/home/cms/functions/functions.php第142行
答案 0 :(得分:0)
$sth = $dbh->prepare("SELECT * FROM " + $var1 + " WHERE " + $var2 + " = ?");
$sth->execute(array($var3));