为了防止SQL注入我试图实现准备和执行协议,但是每当我尝试准备查询时,它都会以bool false的形式返回。在下面的代码中,我应该编写什么而不是“//应该使用什么代码来获取有关错误的更多信息”,以便弄清楚为什么SQL语句不合适?
$db = mysqli_connect('ip', 'username', 'password' , 'database') or die('Could not connect');
mysqli_select_db($db,'database') or die('Could not select database');
$table_name = $_GET['table_name'];
$query = $db->prepare('SELECT * FROM ? ORDER by `score` DESC LIMIT 1');
if ($query == false)
{
echo 'fail';
// What code should go here to get more info on the error?
//I have tried: echo $this->db->conn->error_list;
}
else
{
$query->bind_param('s', $table_name);
$query->execute();
$result = mysqli_query($db,$query) or die('Query failed: ' . mysql_error($db));
$num_results = mysqli_num_rows($result);
for($i = 0; $i < $num_results; $i++)
{
$row = mysqli_fetch_array($result);
$myObj = array('name' => $row['name'], 'score' => $row['score']);
}
$myJSON = json_encode($myObj);
echo $myJSON;
return('$myJSON');
}
&GT;