{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 老娘就宠你 的问题《PHP/PDO: Prepared statements don't work when c》','https://www.manongdao.com/q-1219953.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
When I am using a PDO prepared statement, and use it to plug in a table name to the query it fails, a quick example:
$stmt = $dbh->prepare("CREATE TABLE ? (id foo, int bar,...)");
$stmt->execute(Array('table_foobar'));
All it does is replaces ? with 'table_foobar', the single quotes don't allow creation of the table for me!
I end up needing to do a sprintf on TOP of the prepared statement to add in a predefined table name.
What on earth am I missing here?
I can find nothing clear in the manual, but looking at the User Contributed Notes, the use of parameters is intended for actual values only, not table names, field names etc.
Normal string concatenation should (and can) be used.
If you are creating a table dynamically, that most likely means you do not understand relational database ideology and as a result doing something wrong.
Just create all the tables at application setup from ready made dump and do not create any tables at runtime.
No need to use dynamic table name at all.