
php – Where is the error in my mysqli prepared statement query?

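I am trying to create a mysqli prepared statement in which I import tables from an ODBC-connected database into a MySQL database, and I am getting this error on a query for a 106-column-wide table.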

You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '? (ID, column1, column2, column3, column4, ' at line 1

When I echo the query here, it is…

INSERT INTO ? (ID, column1, column2, column3, column4, …106 total columns… ) VALUES ( ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,
?, ?)

$sql = "SELECT * FROM $table WHERE $key = '$acct'";
$link = getoDBCConnection();
$result = odbc_do($link, $sql);
$data = array();
while ($row = odbc_fetch_array($result)) { 
        //store all query rows as array
        array_push($data, $row);
}   
//insert into MySQL table of the same name
//get column count from first row
$columns = count($data[0]);
$params = str_repeat(" ?,",$columns);
$params = rtrim($params,',');
$types = str_repeat("s",$columns+1);
$fields = implode(", ", array_keys($data[0]));
$sql = "INSERT INTO ? ($fields) VALUES ($params) ON DUPLICATE KEY UPDATE";
echo $sql."<br>";
$link = getSalesConnection();
$stmt = $link->prepare($sql);
var_dump($link->error);
foreach ($data as $row) {
        $stmt->bind_param($types, $table, implode(", ",array_values($row)));
        $stmt->execute();
}  

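I have tried using the standard bind_param and also the call_user_func_array() method. I have tried quoting my parameter string and the column names, with no effect. If my bind_param types were wrong, shouldn't I get an error on the prepare statement? However, there is some problem with the SQL going to the prepare command that I can't pinpoint. Please help!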

Solution:

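Query parameters can be used only in place of a scalar value. You cannot parameterize table names, column names, SQL expressions, keywords, lists of values, etc.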

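> WRONG: SELECT ?, b, c FROM t WHERE a = 1 ORDER BY b ASC
The parameter value will be a literal value, not the name of a column.
> WRONG: SELECT a, b, c FROM ? WHERE a = 1 ORDER BY b ASC
Syntax error.
> WRONG: SELECT a, b, c FROM t WHERE ? = 1 ORDER BY b ASC
The parameter value will be a literal value, not the name of a column.
> WRONG: SELECT a, b, c FROM t WHERE a IN (?) ORDER BY b ASC
The parameter value will be a single literal value, not a list of values, even if you pass a string of comma-separated values.
> WRONG: SELECT a, b, c FROM t WHERE a = 1 ORDER BY ? ASC
The parameter value will be a literal value, not the name of a column.
> WRONG: SELECT a, b, c FROM t WHERE a = 1 ORDER BY b ?
Syntax error.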

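Basically, if you could write a string literal, a date literal, or a numeric literal in place of the query parameter, it should be OK. Otherwise, you have to interpolate the dynamic content into the SQL string before you prepare() it.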
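
One way to apply the answer to the INSERT from the question, as an added example that is not part of the original post: the table and column names are checked against allowlists and inlined into the SQL string before prepare(), while the row values stay bound parameters. The functions quoteIdent, buildUpsert and importRows, the allowlists, and the sample table and column names are hypothetical.

```php
<?php
// Added example, not from the original post. The allowlists, table and
// column names below are hypothetical.

/** Quote an identifier only after it matched an allowlist entry. */
function quoteIdent(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("identifier not allowed: $name");
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

/** Build "INSERT ... ON DUPLICATE KEY UPDATE" with identifiers inlined
 *  and one ? placeholder per value. */
function buildUpsert(string $table, array $columns, array $allowedTables, array $allowedColumns): string
{
    if ($columns === []) {
        throw new InvalidArgumentException('no columns');
    }
    $tbl = quoteIdent($table, $allowedTables);
    $cols = array_map(fn($c) => quoteIdent($c, $allowedColumns), $columns);
    $marks = implode(', ', array_fill(0, count($cols), '?'));
    $updates = implode(', ', array_map(fn($c) => "$c = VALUES($c)", $cols));
    return "INSERT INTO $tbl (" . implode(', ', $cols) . ") VALUES ($marks) "
         . "ON DUPLICATE KEY UPDATE $updates";
}

/** Prepare once, then bind each row's values as separate scalars. */
function importRows(mysqli $db, string $sql, array $rows): void
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException($db->error);
    }
    foreach ($rows as $row) {
        $values = array_values($row); // same key order as the column list
        $stmt->bind_param(str_repeat('s', count($values)), ...$values);
        $stmt->execute();
    }
}

// Constructed sample row standing in for one odbc_fetch_array() result.
$row = ['ID' => '7', 'column1' => 'a', 'column2' => 'b'];
echo buildUpsert('accounts', array_keys($row), ['accounts'], ['ID', 'column1', 'column2']), "\n";
```

Because the identifiers never come from the bound data, a table or column name outside the allowlist is rejected before any SQL reaches the server.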
