2

So I encounter something ackward, and i couldnt really figure out why. When I ran the original code, i would get an error message saying my query isn't acceptable.

So my code was as following.

$parts = array(
    "engine",
    "reactor"
);

$count = count($parts);

for($x = 0; $x < $count; $x++) {

    $table = 'ship_'.$parts[$x];

    $sql = "SELECT * FROM ? WHERE UserId = ?";

    $stmt1 = mysqli_prepare($con, $sql);

    mysqli_stmt_bind_param($stmt1,'si',$table, $n_userid)

.....

so this causes an eror

Fatal error: Wrong SQL: SELECT * FROM ? WHERE UserId = ? Error: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '? WHERE UserId = ?'

however, when i do the following it runs fine.

for($x = 0; $x < $count; $x++) {

    $table = 'ship_'.$parts[$x];

    $sql = "SELECT * FROM ". $table ." WHERE UserId = ?";

    $stmt1 = mysqli_prepare($con, $sql);

    mysqli_stmt_bind_param($stmt1,'i', $n_userid);  

....

So is this an error from my side or cant I use a parameter as table?. I rather want the table to be loaded as a prepared statement parameter, but if there is no way arround it, i ll have to fly with what i got.

Dorvalla
  • 5,027
  • 4
  • 28
  • 45
  • https://stackoverflow.com/questions/11312737/can-i-parameterize-the-table-name-in-a-prepared-statement – Krish Apr 11 '18 at 18:30

1 Answers1

1

Can't use bind parameter for table name.

Only values can be provided through bind placeholders.

Identifiers (table names, column names, function names, etc.) cannot be provided through bind placeholders.

spencer7593
  • 106,611
  • 15
  • 112
  • 140