Truncate table using prepare statements in PHP

Asked May 31 '19 at 14:56

Active May 31 '19 at 15:03

Viewed 67 times

Is there any way to write this PHP code in a secure way using Pepare statements?

 $query = "TRUNCATE TABLE comments";
    $result = mysqli_query($conn,$query)
    or die('Error deleting table.');
}
else {
    echo "Sorry cannot delete";
}

I am trying to improve my Code but the 'TRUNCATE' function of the database is giving me problems.

With this code lines it doesn’t work:

$table_commets = 'comments';
$PDOStatement_comments = $PDO->prepare("TRUNCATE TABLE $table_commets;");
$PDOStatement_comments->execute();

Is there any way to improve it using MySQLi prepare statements?

Or it is better not to use Prepare statements in the TRUNCATE function?

edited May 31 '19 at 15:03

asked May 31 '19 at 14:56

ana

1

There is **never** a case when you need a prepared statement for a truncate query. It means you are doing something awfully wrong. Either way just use a table nname explicitly written in your script, not taken from the user input. – Your Common Sense May 31 '19 at 15:15
@YourCommonSense okay, so I'll leave my code as in the first lines – ana May 31 '19 at 15:18
1

Your first code is fine – Your Common Sense May 31 '19 at 15:21
@YourCommonSense Thank you – ana May 31 '19 at 15:24

Truncate table using prepare statements in PHP

0 Answers0