好吧所以我试图使用我在侧面pdo更新中设置的变量我回显了pdo更新中的所有变量并且所有都已设置但是更新似乎不起作用.... 我想我只是缺少单引号/双引号
$myName = mysql_real_escape_string($_POST['myName']);
$mydropdown = mysql_real_escape_string($_POST['mydropdown']);
if ($mydropdown == '1') {$tablename = "poke1";}
if ($mydropdown == '2') {$tablename = "poke2";}
if ($mydropdown == '3') {$tablename = "poke3";}
if ($mydropdown == '4') {$tablename = "poke4";}
if ($mydropdown == '5') {$tablename = "poke5";}
if ($mydropdown == '6') {$tablename = "poke6";}
echo $tablename;
$sqll = "UPDATE users SET '$tablename'=? WHERE username=?";
$q = $db->prepare($sqll);
$q->execute(array($myName,$_SESSION['username']));
此外,我已经回显了tablename和myName都是vaild并设置为正确的东西
答案 0 :(得分:0)
使用反引号`而不是单引号:
$sqll = "UPDATE users SET `$tablename`=? WHERE username=?";
此外,您确定其SET $tablename或$tablename是否包含列名?
答案 1 :(得分:-1)
稍微优化的代码:
$myName = mysql_real_escape_string($_POST[`myName`]);
$tablename = null;
for($i = 1; $i < 7; $i++){
if($_POST[`mydropdown`] == $i) $tablename = `poke`.$i;
}
if(!is_null($tablename)){
echo $tablename;
$q = $db->prepare("UPDATE users SET `$tablename`=:tablename WHERE username=:username");
$q->bindParam(`:tablename`, $myName);
$q->bindParam(`:username`, $username);
$q->execute();
}