use heredoc to input sql and when bind var ,get error

Question

i write this code for query

    $tableQuery_comment = <<<query
                            CREATE TABLE IF NOT EXISTS `?comment` (
                              `cmt_id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
                              `cmt_obj_id` bigint(20) NOT NULL DEFAULT '0',
                              `cmt_author_name` tinytext NOT NULL,
                              `cmt_author_email` varchar(100) NOT NULL DEFAULT '',
                              `cmt_author_url` varchar(200) NOT NULL DEFAULT '',
                              `cmt_author_ip` varchar(100) NOT NULL DEFAULT '',
                              `cmt_date` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
                              `cmt_content` text NOT NULL,
                              `cmt_approve` varchar(20) NOT NULL DEFAULT 'yes',
                              `cmt_agent` varchar(255) NOT NULL DEFAULT '',
                              `cmt_parent` bigint(20) NOT NULL DEFAULT '0',
                              `user_id` bigint(20) NOT NULL DEFAULT '0',
                              PRIMARY KEY (`cmt_id`),
                              KEY `cmt_obj_id` (`cmt_obj_id`),
                              KEY `cmt_parent` (`cmt_parent`),
                              KEY `user_id` (`user_id`)
                            )
query;

and use mysqli to connect and execute my query with bind a value in first line of my query

$con = new mysqli($dbHost, $dbUser, $dbPass, $dbName);
        $exe = $con->prepare($tableQuery_comment);
        $exe->bind_param(1, $tablePrefix);
        $exe->execute();

and get error in this line

$exe->bind_param(1, $tablePrefix);

Error :

mysqli_stmt::bind_param(): Number of variables doesn't match number of parameters in prepared statement

i try bind :name parameter like this code (when use this statement change ? sign to :tablePrefix)

$exe->bind_param(':tablePrefix', $tablePrefix);

and this code

$exe->bind_param('s', $tablePrefix);

but get and get again same error

what should i do to bind parameter in heredoc with mysqli?

Answer 1

You can't use parameters for table and column names, only where expressions are allowed. So you have to use string substitution for this:

    $tableQuery_comment = <<<query
                            CREATE TABLE IF NOT EXISTS `{$tablePrefix}comment` (
                              `cmt_id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
                              `cmt_obj_id` bigint(20) NOT NULL DEFAULT '0',
                              `cmt_author_name` tinytext NOT NULL,
                              `cmt_author_email` varchar(100) NOT NULL DEFAULT '',
                              `cmt_author_url` varchar(200) NOT NULL DEFAULT '',
                              `cmt_author_ip` varchar(100) NOT NULL DEFAULT '',
                              `cmt_date` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
                              `cmt_content` text NOT NULL,
                              `cmt_approve` varchar(20) NOT NULL DEFAULT 'yes',
                              `cmt_agent` varchar(255) NOT NULL DEFAULT '',
                              `cmt_parent` bigint(20) NOT NULL DEFAULT '0',
                              `user_id` bigint(20) NOT NULL DEFAULT '0',
                              PRIMARY KEY (`cmt_id`),
                              KEY `cmt_obj_id` (`cmt_obj_id`),
                              KEY `cmt_parent` (`cmt_parent`),
                              KEY `user_id` (`user_id`)
                            )
query;