Printable View
Is there any way to use placeholder as table name in prepare()? Or any other way to put the table name into a query in a safe way? I'm writing a network communicator and I need to create tables for registered users, user name will be the part of table name for each user, so I have to make these names safe. Any ideas?
Last time I did something like this the table name was simply the MD5 of the users username. Sure, this meant browsing the tables with a sql browser meant they came out gibberish, but since the database was dedicated to user table storage, that didn't matter (and most usernames didn't make any more sense than the MD5 either...). It also gives you the added advantage of that the generated hash is automatically a safe table name (eg. 'USER_5d4c49dc300f29f0d0e5a85c9e5c47d8')
That's a good idea, but I think I will use something like this
instead od MD5. It will be possible to read user name in sql browserCode: