Home » Php » php – Escape table name MySQL

php – Escape table name MySQL

Posted by: admin July 12, 2020 Leave a comment

Questions:

I have a little problem with escaping table name. I was so stupid that i choose “show” for the name of table. When I use mysqli connection the escaping works fine, but its not working with classical mysql connection. Any advise?
Sorry for my English, I am not native speaker.

SELECT SQL_CALC_FOUND_ROWS year, nameShow 
FROM   `show`
LIMIT 0, 10

I get error as

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'show' at line 2 –

Query

$sQuery = "
    SELECT SQL_CALC_FOUND_ROWS year, nameShow 
    FROM   `show`
    $sWhere
    $sOrder
    $sLimit
    ";
How to&Answers:

Section 9.3 of MySQL 5.1 Reference Manual says back ticks (`) or double quotes (“), however, I’d go with Fahim Parkar’s comment above and just rename the table.

Also worth noting, you must use ANSI_QUOTES SQL mode if using double quotes per Section 9.2:

If the ANSI_QUOTES SQL mode is enabled, it is also permissible to
quote identifiers within double quotation marks

Answer:

The problem is with YEAR not with SHOW. YEAR is a MySQL function.
Best practice is to quote column and tables names all the time, makes things easy to read also.

Should be:

SELECT SQL_CALC_FOUND_ROWS `year`, `nameShow` 
FROM   `show`
LIMIT 0, 10

Answer:

Backticks should work fine

try putting a comma after SQL_CALC_FOUND_ROWS,

SELECT SQL_CALC_FOUND_ROWS, year, nameShow 
FROM   `show`
LIMIT 0, 10