这样可行,所以我没有权限问题:
$sqlCommand = $pdo->prepare("CREATE DATABASE qaz");
显然,我想要安全并绑定该参数:
$sqlCommand = $pdo->prepare("CREATE DATABASE :database");
$sqlCommand->bindParam(':database', $databaseName);
其中$databaseName == qaz
但是,使用后者,$sqlCommand->execute()重新调整false。
1)你能在代码中看到任何明显的错误吗? 2)我该怎么调试呢?
print_r($sqlCommand->errorInfo())返回
Array ( [0] => 42000 [1] => 1064 [2] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''qaz'' at line 1 )