Search Results

Search found 1 results on 1 pages for 'cgwebprojects'.

Page 1/1 | 1 

  • Is it necessary to mysql real escape when using alter table?

    - by cgwebprojects
    I noticed the other day that I cannot bind variables when using PDO with ALTER TABLE for example the following example will not work, $q = $dbc -> prepare("ALTER TABLE emblems ADD ? TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', ADD ? DATETIME NOT NULL"); $q -> execute(array($emblemDB, $emblemDB . 'Date')); So is it necessary to use mysql_real_escape string and do it like below, // ESCAPE NAME FOR MYSQL INSERTION $emblemDB = mysql_real_escape_string($emblemDB); // INSERT EMBLEM DETAILS INTO DATABASE $q = $dbc -> prepare("ALTER TABLE emblems ADD " . $emblemDB . " TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', ADD " . $emblemDB . "Date DATETIME NOT NULL"); $q -> execute(); Or do I not need to add in mysql_real_escape_string? As the only thing the query can do is ADD columns? Thanks

    Read the article

1