Is it necessary to mysql real escape when using alter table?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by cgwebprojects on Stack Overflow See other posts from Stack Overflow or by cgwebprojects
Published on 2012-04-05T11:15:18Z Indexed on 2012/04/05 11:29 UTC
Read the original article Hit count: 187

Filed under:
|
|

I noticed the other day that I cannot bind variables when using PDO with ALTER TABLE for example the following example will not work, 

$q = $dbc -> prepare("ALTER TABLE emblems ADD ? TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', ADD ? DATETIME NOT NULL"); 
$q -> execute(array($emblemDB, $emblemDB . 'Date'));

So is it necessary to use mysql_real_escape string and do it like below,

// ESCAPE NAME FOR MYSQL INSERTION
$emblemDB = mysql_real_escape_string($emblemDB);
// INSERT EMBLEM DETAILS INTO DATABASE
$q = $dbc -> prepare("ALTER TABLE emblems ADD " . $emblemDB . " TINYINT(1) UNSIGNED NOT NULL DEFAULT '0', ADD " . $emblemDB . "Date DATETIME NOT NULL");
$q -> execute();

Or do I not need to add in mysql_real_escape_string? As the only thing the query can do is ADD columns?

Thanks

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about php

Related posts about mysql

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle