I have a problem with a prepared statement. Here is my code:
    function query_array($table, $data) {
        foreach ($data as $column => $value) {
            $columns[] = sprintf("`%s` = '%s'", $column, $this->db->real_escape_string($value));
        }
        $column_list = join(',', $columns);
        // Prepare the statement
        $stmt = $this->db->prepare("UPDATE `?` SET ?");
        $stmt->bind_param('ss', $table, $column_list);
        // Execute the statement
        $stmt->execute();
        // Save the affected rows
        $affected = $stmt->affected_rows;
        // Close the statement
        $stmt->close();
        // ...
    }
$this->db returns an object;
$table = 'settings'; (string)
$column_list: (string)
`title` = 'Socialsd',`captcha` = '0',`public` = '',`private` = '',`time` = '1',`perpage` = '10',`message` = '140',`mail` = '1',`inter` = '10000',`size` = '1048576',`format` = 'png,jpg,gif',`sizeMsg` = '1048576',`formatMsg` = 'png,jpg,gif,bmp',`censor` = '',`ad1` = '',`ad2` = ''
The error I'm getting is:
Fatal error: Uncaught exception 'ErrorException' with message 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?' at line 1' in C:\xampp\htdocs\new\includes\classes.php:256 Stack trace: #0 C:\xampp\htdocs\new\sources\admin.php(225): updateSettings->query_array('settings', Array) #1 C:\xampp\htdocs\new\index.php(42): PageMain() #2 {main} thrown in C:\xampp\htdocs\new\includes\classes.php on line 256
I can't figure out what causes this, because trying the following works just fine:
    $query = sprintf("UPDATE `%s` SET %s", $table, $column_list);
    $result = $this->db->query($query);
Any help is appreciated.
Update 1: May I know why this has been down-voted? It would be nice to know.
Update 2: So I've removed the last bind ($column_list) and put in the statement the entire output of $column_list, so basically I was binding only the table name, and now I get another error:
Can't find file: '.\diary\@003f.frm' (errno: 22)
Now I'm really confused.
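
Added example, not part of the original post: a placeholder in a prepared statement can stand only for a data value, so neither the table name nor the whole `col = value` list can be bound; in Update 2 the backtick-quoted `?` was read as a literal table name, and `@003f` is how MySQL encodes `?` in a table file name. The sketch below checks identifiers against an allow-list (the `ALLOWED` constant and `build_update` helper are assumptions, built from the names in the question) and binds only the values.

```php
<?php
// Added example, not the poster's code. ALLOWED is an assumed allow-list
// built from the table and column names shown in the question.
const ALLOWED = [
    'settings' => ['title', 'captcha', 'public', 'private', 'time', 'perpage',
                   'message', 'mail', 'inter', 'size', 'format', 'sizeMsg',
                   'formatMsg', 'censor', 'ad1', 'ad2'],
];

// Build "UPDATE `t` SET `a` = ?, `b` = ?" plus the list of values to bind.
// Identifiers are validated against the allow-list; they are never bound.
function build_update(string $table, array $data): array
{
    if (!array_key_exists($table, ALLOWED)) {
        throw new InvalidArgumentException("Table not allowed: $table");
    }
    if ($data === []) {
        throw new InvalidArgumentException('No columns to update');
    }
    $assignments = [];
    foreach (array_keys($data) as $column) {
        if (!in_array($column, ALLOWED[$table], true)) {
            throw new InvalidArgumentException("Column not allowed: $column");
        }
        $assignments[] = "`$column` = ?";
    }
    $sql = sprintf('UPDATE `%s` SET %s', $table, implode(', ', $assignments));
    return [$sql, array_values($data)];
}

// Prepare the generated statement, bind every value as a string, execute.
function query_array(mysqli $db, string $table, array $data): int
{
    [$sql, $values] = build_update($table, $data);
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException($db->error);
    }
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// Constructed sample input; this part runs without a database connection.
[$sql, $values] = build_update('settings', ['title' => 'Socialsd', 'perpage' => '10']);
echo $sql, PHP_EOL;
```

With bound values, `real_escape_string` is no longer needed, and a column or table name that is not on the list is rejected before any SQL is built.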