In my code I try to drop a database:
$connectionString="mysql://...";
$pdo = new PDO($connectionString);
...
// I intentionally Drop the Db from the user-given db name
// Details omitted for simplicity
$testDbName=$_POST['db_name'];
$stmt = $pdo->prepare("DROP DATABASE :db");
$stmt->bindValue(":db", $testDbName);
$stmt->execute();
But I get the following error:
SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''test_php_app_1076'' at line 1
But if I try this:
$pdo->query("DROP DATABASE `" . str_replace('`', '``', $testDbName) . "`");
It seems to work fine. Is there a way to make it work using prepared statements?
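
An added example, not part of the original question: placeholders in a prepared statement stand in for values, not identifiers, which is why the bound name shows up quoted as a string literal in the error above. This sketch checks the user-supplied name against an allowlist before backtick-quoting it. The `test_php_app_<digits>` pattern is an assumption taken from the name in the error message, and `quoteIdentifier` and `buildDropDatabaseSql` are hypothetical helper names.

```php
<?php
declare(strict_types=1);

// Assumption: droppable databases follow the "test_php_app_<digits>" pattern
// seen in the error message; adjust the allowlist to your own naming scheme.
const DROPPABLE_DB_PATTERN = '/\Atest_php_app_[0-9]{1,10}\z/';

/**
 * Quote a MySQL/MariaDB identifier: wrap it in backticks and double any
 * embedded backtick. Empty names, names over 64 bytes and names containing
 * a NUL byte are rejected, since the server would not accept them either.
 */
function quoteIdentifier(string $name): string
{
    if ($name === '' || strlen($name) > 64 || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('Invalid identifier');
    }
    return '`' . str_replace('`', '``', $name) . '`';
}

/** Build the DROP statement only for names that pass the allowlist. */
function buildDropDatabaseSql(string $dbName): string
{
    if (preg_match(DROPPABLE_DB_PATTERN, $dbName) !== 1) {
        throw new InvalidArgumentException('Database name not allowed');
    }
    return 'DROP DATABASE ' . quoteIdentifier($dbName);
}

// Constructed sample inputs (not from the original post).
$samples = ['test_php_app_1076', 'mysql', 'test_php_app_1`extra'];
foreach ($samples as $candidate) {
    try {
        // With a live connection, this string would be passed to $pdo->exec().
        echo buildDropDatabaseSql($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', json_encode($candidate), PHP_EOL;
    }
}
```

Only the first sample produces a statement; the other two are rejected by the allowlist before any SQL is built, so the quoting step is a second layer rather than the only control.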