deleted 640 characters in body
Source Link
Your Common Sense
  • 158k
  • 42
  • 227
  • 376

Is it possible to bind a table name?

No.

You have to whitelist table names. I doubt you want to let a user browse any table from your database.

And you have to format identifiers manually as well. There is a tag wiki with an example. Why not read it first?

Update: As you can see, PDO turns out to be inconvenient for real life tasks. So, you have to have a more intelligent abstraction library to handle MySQL queries. Here is an example using the safeMysql class, which will make your code dramatically shorter:

class form{
    public function __construct($table){
        global $db;
        return $db->getAll("DESCRIBE ?n", $table);
    }
}

2 notes:

  • I've removed the second parameter as there is no code in your function that uses it.
  • NEVER connect in the class. Use an already opened connection instead. Or you will kill your MySQL server with so many connects.

Exclude implemented version

class form {
    public function __construct($table,$skip = array("id")){
        global $db;
        $data = array();
        $res = $db->query("DESCRIBE ?n", $table);
        while($row = $db->fetch($res)) {
            if (!in_array($row['Field'],$skip)) {
                $data[] = $row;
            }
        }
        return $data;
    }
}

However, such a class can seldom be used as intended - there are always a lot of exceptions and manual formatting to make it usable.

Is it possible to bind a table name?

No.

You have to whitelist table names. I doubt you want to let a user browse any table from your database.

Given you are using a class, it will be a no-brainer to add a table name as a property. It will be simple, elegant and safe. Create an abstract parent class first

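abstract class abstractTable {
    // Set by each child class; protected so describe() reads the child's value
    protected $table;
    private $db;

    public function __construct($pdo){
        // Use an already opened PDO connection
        $this->db = $pdo;
    }
    public function describe() {
        // The table name is fixed in the class, never taken from user input
        return $this->db->query("DESCRIBE `$this->table`")->fetchAll();
    }
}

Then create a specific class for your table

class someTable extends abstractTable {
    protected $table = 'sometable';
}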

and so you will be able to get the required list of columns

$pdo = new PDO(...);
$table = new someTable($pdo);
$fields = $table->describe();

Simple, concise, powerful, safe.
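
An added example, not part of the original answer: one way to whitelist a table name and format it as an identifier before it reaches the query, since a placeholder cannot stand for it. `ALLOWED_TABLES`, `quoteIdentifier()` and `describeSql()` are hypothetical names, and the table names and requests are constructed samples.

```php
<?php
declare(strict_types=1);

// Tables this code may describe (constructed sample names).
const ALLOWED_TABLES = ['sometable', 'orders'];

/** Format a MySQL identifier: wrap it in backticks and double any backtick inside. */
function quoteIdentifier(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

/**
 * Build the DESCRIBE statement for a requested table.
 * The request is only used to look up an allowlist entry; the query is
 * built from that entry, never from the request string itself.
 */
function describeSql(string $requested, array $allowed = ALLOWED_TABLES): string
{
    $key = array_search($requested, $allowed, true); // strict comparison
    if ($key === false) {
        throw new InvalidArgumentException('Table is not allowed');
    }
    return 'DESCRIBE ' . quoteIdentifier($allowed[$key]);
}

// Constructed requests: one listed table and two values that must be refused.
foreach (['sometable', 'users', 'sometable` x'] as $requested) {
    try {
        echo describeSql($requested), PHP_EOL;
        // With an open connection: $fields = $pdo->query(describeSql($requested))->fetchAll();
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($requested), PHP_EOL;
    }
}
```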

replaced http://stackoverflow.com/ with https://stackoverflow.com/
Source Link
URL Rewriter Bot

deleted 6 characters in body
Source Link
Peter O.
  • 33.1k
  • 14
  • 86
  • 97

Is it possible to bind a table name?

No.

You have to whitelist table names. I doubt you want to let a user browse any table from your database.

And you have to format identifiers manually as well. There is a tag wiki with an example. Why not read it first?

Update: As you can see, PDO turns out to be inconvenient for real life tasks. So, you have to have a more intelligent abstraction library to handle MySQL queries. Here is an example using the safeMysql class, which will make your code dramatically shorter:

class form{
    public function __construct($table){
        global $db;
        return $db->getAll("DESCRIBE ?n", $table);
    }
}

2 notes:

  • I've removed the second parameter as there is no code in your function that uses it.
  • NEVER connect in the class. Use an already opened connection instead. Or you will kill your MySQL server with so many connects.

Exclude implemented version

class form {
    public function __construct($table,$skip = array("id")){
        global $db;
        $data = array();
        $res = $db->query("DESCRIBE ?n", $table);
        while($row = $db->fetch($res)) {
            if (!in_array($row['Field'],$skip)) {
                $data[] = $row;
            }
        }
        return $data;
    }
}

However, such a class can seldom be used as intended - there are always a lot of exceptions and manual formatting to make it usable.

added 671 characters in body
Source Link
Your Common Sense
added 671 characters in body
Source Link
Your Common Sense
added 50 characters in body
Source Link
Your Common Sense
Source Link
Your Common Sense