When trying to use
$SomeTable = "SomeTable";
INSERT INTO "' . $SomeTable . '" SET ...
instead of
INSERT INTO SomeTable SET ...
I am unsuccessful. Why am I unable to use a php variable to call a database name?
-
1You need to wrap table names (and column names) in backticks, not single or double quotes.andrewsi– andrewsi2013-09-13 15:56:10 +00:00Commented Sep 13, 2013 at 15:56
-
And you should really be using prepared statements rather than just concatenating strings.christopher– christopher2013-09-13 15:57:34 +00:00Commented Sep 13, 2013 at 15:57
-
@Chris Sadly you can't use placeholders for table names. This is a massive oversight.tadman– tadman2013-09-13 15:59:45 +00:00Commented Sep 13, 2013 at 15:59
-
@tadman Really!? I would have thought it would be the same principle? Wow. Learn something new every day.christopher– christopher2013-09-13 16:00:53 +00:00Commented Sep 13, 2013 at 16:00
-
PDO really should do it, but for some reason it's never gained this capability. Data placeholders are always escaped as strings, but table names use a different escaping method.tadman– tadman2013-09-13 16:06:38 +00:00Commented Sep 13, 2013 at 16:06
Add a comment
|
1 Answer
You would need to use something like this:
$SomeTable = "SomeTable";
$query = 'INSERT INTO `' . $SomeTable . '` SET ... ';
Which uses the ` character instead of quotes
2 Comments
James Doe Jr.
why are the backticks necessary there?
RyanS
I believe its to help distinguish it from SQL statements such as WHERE, FROM, etc. I didn't find anything official in my brief google