Question

Just wondering what people's opinions are about defining values inside SQL statements when using prepared statements, such as:

$sql->query("SELECT * FROM ".TABLE_NAME." WHERE id = :id");
$sql->bind(':id', $id);

Not all the code, but you can see what I am getting at. Should I bind the table name, is what I am basically asking.


Solution

You can't use prepared statements for table and column names.
I advise you to use prepared statements everywhere since it is resilient against SQL injection (you don't have to care about escaping your values).
They also provide a performance benefit if you run them more than once.
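An added example (not code from the question or the answer) showing both points of the answer in working PHP: a placeholder cannot stand in for a table name, so the prepare step fails, while the workable substitute is to check the name against a fixed allowlist in code and bind only the value. It also shows the prepare-once, execute-many pattern behind the performance remark. The in-memory SQLite database, the `users`/`orders` table names and the sample rows are constructed for this example.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// 1. Binding the table name does not work: a placeholder can only stand for a
//    value, so the database rejects it where an identifier is required.
try {
    $stmt = $pdo->prepare('SELECT * FROM :table WHERE id = :id');
    $stmt->execute([':table' => 'users', ':id' => 1]);
    echo "unexpected: query ran\n";
} catch (PDOException $e) {
    echo "binding the table name failed as expected: {$e->getMessage()}\n";
}

// 2. Since identifiers cannot be bound, check the table name against a fixed
//    allowlist that lives in code (an assumed table set for this example),
//    quote it, and bind only the value.
const ALLOWED_TABLES = ['users', 'orders'];

function quoteIdentifier(string $name, array $allowed): string
{
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException("table not allowed: $name");
    }
    // Standard SQL double-quoted identifier; doubling embedded quotes escapes them.
    return '"' . str_replace('"', '""', $name) . '"';
}

function findById(PDO $pdo, string $table, int $id): ?array
{
    $sql = 'SELECT * FROM ' . quoteIdentifier($table, ALLOWED_TABLES) . ' WHERE id = :id';
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

var_dump(findById($pdo, 'users', 2));   // row with id 2 and name "bob"

// A table name that is not in the allowlist is refused before any SQL is built.
try {
    findById($pdo, 'users; DROP TABLE users', 1);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

// 3. The performance point from the answer: prepare once, execute many times.
$stmt = $pdo->prepare('SELECT name FROM users WHERE id = :id');
foreach ([1, 2, 3] as $id) {
    $stmt->execute([':id' => $id]);
    $name = $stmt->fetchColumn();
    echo $id . ' => ' . ($name === false ? '(none)' : $name) . "\n";
}
```

The allowlist is the key design choice: because a driver can only substitute values, the table name has to be one of a small set that the code itself defines, never a string passed through from a request. Quoting the identifier on top of that guards against names containing characters that are legal in the allowlist but awkward in SQL; it is not a replacement for the allowlist.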

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow