删除记录会返回SQLSTATE [42000]错误

I have this small PHP script for deleting a record from a MySQL database, and it returns SQLSTATE[42000].

include("connectDB.php");

$recordID = $_POST["ID"];
$table = $_POST["table"];
$URL = $_POST["URL"];

$deleteRecordQuery = "DELETE FROM :table WHERE ID=:ID";
$deleteRecord = $conn->prepare($deleteRecordQuery);
$deleteRecord->bindParam(':table',$table);
$deleteRecord->bindParam(':ID',$recordID);
$deleteRecord->execute();

header("Location: ".$URL);

The script is working if I comment out binding of the :table parameter, and directly use $table variable in the statement:

$deleteRecordQuery = "DELETE FROM $table WHERE ID=:ID";

So binding of the ID works. Why doesn't binding of the table work?

The return message is:

SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Osobe' WHERE ID='1'' at line 1

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dro59505 2015-05-27 11:04
关注
Your question is: "Why doesn't binding of the table work?" I think you have already figured out that binding table and column names doesn't work.

I think this is easiest to understand in terms of a SELECT statement, rather than a DELETE statement. Processing SQL statements basically occurs in two phases. The first phase is the "prepare" (or "compile" phase). The second is the "execution" phase. The values of bind variables are not available for the "prepare" phase, only for the "execution" phase.

The "prepare" phase determines what data needs to accessed, what the execution path will be (such as the use of indexes), and what the result set will look like. If the query engine does not know what tables or columns are being accessed, then it cannot do the necessary work in the compile stage. So, tables and columns are required for preparing the statement.

In your case, there is an easy fix, which is the embed the table name directly in the SQL. I do note that this is not satisfying, because the resulting statement could then be vulnerable to injection attacks.

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(1条)

报告相同问题？

关注问题

删除记录会返回SQLSTATE [42000]错误 mysql php sql
2015-05-27 10:50

回答 2 已采纳 Your question is: "Why doesn't binding of the table work?" I think you have already figured out
如何修复SQLSTATE [42000]错误; 用准备好的陈述 mysql php
2016-08-23 18:07

回答 1 已采纳 As documented under PDO::prepare: You must include a unique parameter marker for each value yo
SQLSTATE [42000]：语法正常时语法错误 mysql php
2015-11-03 06:49

回答 2 已采纳 You should use prepared statements. It will prevent sql injections and you wont have to deal with
Greenplum6.x-版本变化记录-常用手册
2022-07-02 00:11

xcSpark的博客您还可以指定SQLSTATE和SQLERRMSG代码以在用户抛出的错误时返回（PostgreSQL 8.4）。该RETURN QUERY EXECUTE语句指定要动态执行的查询（PostgreSQL 8.4）。使用语句进行条件执行CASE（PostgreSQL 8.4）。请参阅...
致命错误：未捕获PDOException：SQLSTATE [42000] php
2017-02-15 11:38

回答 1 已采纳 Try adding quotes around id=$search $where=' AND (cognome like "%'.$search.'%" OR nome like "%'.$
Illuminate \ Database \ QueryException SQLSTATE [42000] laravel mysql php
2018-10-03 09:26

回答 2 已采纳 Go in the App\Providers\AppServiceProvider class and change the boot method to look like this pub
Laravel SQLSTATE [42000]：语法错误或访问冲突：1055 laravel mysql php
2017-03-09 21:51

回答 2 已采纳 I changed strict = false inside config/database and its worked.
这 10 种 MySQL 经典错误案例，99% 的程序员一定遇到过！你呢？
2022-06-02 08:00

Java精选的博客今天就给大家列举 MySQL 数据库中，最经典的十大错误案例，并附有处理问题的解决思路和方法，希望能给刚入行，或数据库爱好者一些帮助，今后再遇到任何报错，我们都可以很淡定地去处理。学习任何一门技术的同时，...
SQLSTATE [42000]：语法错误或访问冲突：1066 laravel中不唯一的表/别名 laravel php
2018-05-07 01:50

回答 1 已采纳 The SQL statement that is failing makes perfect sense. It is attempting to join the table product
Laravel：JOIN中的SQLSTATE [42000]错误（状态代码500） laravel php
2016-04-13 22:30

回答 1 已采纳 In your Joins statements you have to add the alias of the table before the column name, for exampl
SQLSTATE [42000]：语法错误或访问冲突：1065查询为空（SQL :) php
2015-08-03 13:17

回答 1 已采纳 Your are calling: $this->executeSelectQuery($this->SELECT_CATEGORY_FILTER_BY_IDS.. but
MYSQL ERROR CODE 错误编号的意义
2017-09-05 14:04

@四百块的博客 MySQL error code(备忘) ...1009：不能删除数据库文件导致删除数据库失败 1010：不能删除数据目录导致删除数据库失败 1011：删除数据库文件失败 1012：不能读取系统表中的记录 1020：记录已
未捕获的PDOException：SQLSTATE [42000]：语法错误或访问冲突：1064查询功能 php sql
2019-02-05 18:01

回答 1 已采纳 As you are working with SQL you should use order by instead of order $contacts = $this->Contac
MySQL存储过程
2021-09-12 16:37

胡安民的博客接下来简单了解一下这几类变量的应用范围，首先MySQL服务器启动时会使用其软件内置的变量（俗称写死在代码中的）和配置文件中的变量（如果允许，是可以覆盖源代码中的默认值的）来初始化整个MySQL服务器的运行环境，...
如果你学习了MySQL进阶部分，那你就学习了MySQL进阶部分，恭喜你！
2023-12-21 08:47

Joy T的博客直接写主体，右下角Apply是应用，revert是撤销alter 删除存储过程：DROP PROCEDURE IF EXISTS get_invoices_with_balance()加上IF EXISTS是为了防止重复删除，重复删除会导致错误，通常与CREATE连用放在首行。...
数据库查询经常卡死？面对亿级大数据量，我是这么展示分析的
2020-04-23 11:13

帆软商业智能技术的博客其中有错误数据做增量删除即可。（2）有些内部使用的实时性较高的表，设定每2小时更新一次，从上午9点到下午6点。直接从业务库抽取其实是有风险的，当时数据库压力大，抽取比较慢，因此这部分仅作为非重点用户需求...
MySQL 变量、流程控制与游标
2022-07-14 11:41

陈弋辛的博客 1. 变量在MySQL 数据库的存储过程和函数中，可以使用变量来存储查询或计算的中间结果数据，或者输出最终的结果数据。... 错误码的说明： MySQL_error_code 和 sqlstate_value 都可以表示 MySQL 的...
MySQL
2022-07-22 11:37

陳小新的博客 forign key 3.1 外键约束删除/更新行为行为说明 NO ACTION 当在父表中删除/更新对应记录时,首先检查该记录是否有对应外键,如果有则不允许删除/更新.(与RESTRICT一致) RESTRICT 当在父表中删除/更新对应记录时,...
三.数据库基础-MySQL入门到精通学习这一篇就够了（详细）
2022-04-15 17:11

大云区人伍的博客 1算数运算符：计算时遇到如除数为0等错误，返回结果为NULL，不报错。 2比较运算符相对返回1，不等返回0，与NULL比较返回NULL 安全等于比较 <=> 可以判断是否为NULL LEAST(n1,…)返回其中最小值，当有NULL存在时...
Mysql
2022-07-11 16:19

l_ethan的博客由于查询返回的数据是*，所以此时，还需要根据主键值10，到聚集索引中查找10对应的记录，最终找到10对应的行row。 ③. 最终拿到这一行的数据，直接返回即可。回表查询：这种先到二级索引中查找数据，找到主键值...
没有解决我的问题, 去提问

悬赏问题

¥15 素材场景中光线烘焙后灯光失效
¥15 请教一下各位，为什么我这个没有实现模拟点击
¥15 执行 virtuoso 命令后，界面没有，cadence 启动不起来
¥50 comfyui下连接animatediff节点生成视频质量非常差的原因
¥20 有关区间dp的问题求解
¥15 多电路系统共用电源的串扰问题
¥15 slam rangenet++配置
¥15 有没有研究水声通信方面的帮我改俩matlab代码
¥15 ubuntu子系统密码忘记
¥15 保护模式-系统加载-段寄存器

删除记录会返回SQLSTATE [42000]错误

2条回答 默认 最新

悬赏问题

2条回答默认最新