doudiza9154 2017-01-05 14:08
浏览 47
已采纳

创建BBDD @variable表

I would like to create a Table in a BBDD by variable in MYSQL. The problem i have is that the code doesn't work and I am not sure why.

$variable = "xxx_'".$_POST['idtour']."'_xxxx";

    // Create the table
        $sql = "CREATE TABLE $tourname (
                    id_leg VARCHAR(3) NOT NULL COMMENT 'Identificación de la leg del tour, en orden')";         
    //The action
    mysqli_query($link,$sql) or die("Error ".mysqli_error());

I think is a problem with the "_".Any help will be fantastic.

  • 写回答

1条回答 默认 最新

  • douan2907 2017-01-05 14:14
    关注

    The problem isn't the _. It's the '. "xxx_'".$_POST['idtour']."'_xxxx" will result in xxx_'value'_xxxx, as a possible table name, and ' is not valid in a table name. If you MUST include invalid characters, then you'll need to use the backtick operator.

    $tablename = "`xxx_'".$var."'_xxxx`";

    That should get you further towards your goal.

    On a side note: creating a table based on a user-provided variable is a bad idea. It risks users being able to create some bizarre and destructive behavior, and very often it's better accomplished by adding a column to an existing table. Have you tried adding a column user_idtour?

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 目前主流的音乐软件,像网易云音乐,QQ音乐他们的前端和后台部分是用的什么技术实现的?求解!
  • ¥60 pb数据库修改与连接
  • ¥15 spss统计中二分类变量和有序变量的相关性分析可以用kendall相关分析吗?
  • ¥15 拟通过pc下指令到安卓系统,如果追求响应速度,尽可能无延迟,是不是用安卓模拟器会优于实体的安卓手机?如果是,可以快多少毫秒?
  • ¥20 神经网络Sequential name=sequential, built=False
  • ¥16 Qphython 用xlrd读取excel报错
  • ¥15 单片机学习顺序问题!!
  • ¥15 ikuai客户端多拨vpn,重启总是有个别重拨不上
  • ¥20 关于#anlogic#sdram#的问题,如何解决?(关键词-performance)
  • ¥15 相敏解调 matlab