Is it necessary to mysql real escape when using alter table?
Posted
by
cgwebprojects
on Stack Overflow
See other posts from Stack Overflow
or by cgwebprojects
Published on 2012-04-05T11:15:18Z
Indexed on
2012/04/05
11:29 UTC
Read the original article
Hit count: 212
I noticed the other day that I cannot bind variables when using PDO with ALTER TABLE for example the following example will not work,
$q = $dbc -> prepare("ALTER TABLE emblems ADD ? TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', ADD ? DATETIME NOT NULL");
$q -> execute(array($emblemDB, $emblemDB . 'Date'));
So is it necessary to use mysql_real_escape string and do it like below,
// ESCAPE NAME FOR MYSQL INSERTION
$emblemDB = mysql_real_escape_string($emblemDB);
// INSERT EMBLEM DETAILS INTO DATABASE
$q = $dbc -> prepare("ALTER TABLE emblems ADD " . $emblemDB . " TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', ADD " . $emblemDB . "Date DATETIME NOT NULL");
$q -> execute();
Or do I not need to add in mysql_real_escape_string
? As the only thing the query can do is ADD columns?
Thanks
© Stack Overflow or respective owner