View more context

 

nightjarnz

it's not simple string replacement, to my knowledge (such as in PHP there, putting vars in a string), rather (again, my knowledge is also limited) I believe they're for values I'm not sure you can do what you're trying to achieve here with the tables as a parameter.

nightjarnz

TL:DR; might be best to do some reading on parameterised queries :)

nightjarnz

Then you can be the expert and inform us both :P

nightjarnz

I see in that PR you're not actually doing anything with the tables anyway (they're a statically defined string, used once). I might suggest you simply put them into the query directly, and just have the single ? for the AGAINST part.

nightjarnz

well, maybe not inline them directly, but continue using the variable to build the param'd query.

nightjarnz

It isn't adapting to user input, nor even function input. Chance of injection is ~extremely low~ nil.

phyzical

wait implode o.0 are twe taking a bunch of stuff to make a string qeury?