SQL有什么问题？

Question

我正在尝试使用PDO,所以我得到了这个:

所以,$_GET['word'] = "Jimi Hendrix"和$_GET['cat'] = "music".

$now = htmlentities(rawurldecode($_GET['word']));
$cat = htmlentities($_GET['cat']); 

$dsn = 'mysql:dbname=DATABASE;host=localhost';
$user = "USER";
$password = "PASS";

# connect to the database
try {
    $DBH = new PDO($dsn, $user, $password);
                $DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );

                # the data to select 
                $data = array($cat, $now);

                $STH = $DBH->prepare("SELECT id, name FROM ? WHERE name LIKE ?");
                $STH->execute($data);
    $result = $STH->fetchAll();

}
catch(PDOException $e) {
    echo "Uh-Oh, something wen't wrong. Please try again later.";
    file_put_contents('PDOErrors.txt', $e->getMessage(), FILE_APPEND);
}

echo "<pre>";
print_r($result);
echo "</pre>";

但上面的代码正在返回:

SQLSTATE[42000]: Syntax error or access violation: 1064 You Have a Syntax error in your SQL near ''music' WHERE name LIKE 'Jimi Hendrix'' on line 1

Answer 1

您不能将表名作为查询的参数传递.您需要构造/执行动态SQL字符串.