I have this small PHP script for deleting a record from a MySQL database, and it returns SQLSTATE[42000].
include("connectDB.php");
$recordID = $_POST["ID"];
$table = $_POST["table"];
$URL = $_POST["URL"];
$deleteRecordQuery = "DELETE FROM :table WHERE ID=:ID";
$deleteRecord = $conn->prepare($deleteRecordQuery);
$deleteRecord->bindParam(':table',$table);
$deleteRecord->bindParam(':ID',$recordID);
$deleteRecord->execute();
header("Location: ".$URL);
The script is working if I comment out binding of the :table
parameter, and directly use $table
variable in the statement:
$deleteRecordQuery = "DELETE FROM $table WHERE ID=:ID";
So binding of the ID works. Why doesn't binding of the table work?
The return message is:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Osobe' WHERE ID='1'' at line 1