
In my code I'm trying to get data from my DB with PDO and bound params, but I keep on getting an empty array. This is my code:

```php
try {
    $pdo = new PDO('mysql:host=localhost;dbname=***', '***', '***');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->query('set names "utf8"');
}
catch (PDOException $e) {
    die('error connectin database');
}
$table = 'products';
$column = 'id';
$niddle = '70';
$sql = "SELECT * FROM `{$table}` WHERE ";
$sql .= ":column LIKE :niddle";
$pre = $pdo->prepare($sql);
$pre->bindParam(':column', $column, PDO::PARAM_STR);
$pre->bindParam(':niddle', $niddle, PDO::PARAM_STR);
$result = $pre->setFetchMode(PDO::FETCH_ASSOC);
$pre->execute();
print_r($pre->fetchAll());
```

There is no exception thrown, what could be the problem?

Ziumin
user2326568
  • Duplicate of [Can I use a PDO prepared statement to bind an identifier (a table or field name) or a syntax keyword?](http://stackoverflow.com/questions/15990857/reference-frequently-asked-questions-about-pdo#15991422) – Your Common Sense Apr 27 '13 at 13:01
  • I guess the `$column` would be surrounded by quotes like `"id"`, which is unnecessary. Are you sure the `$needle` returns the String? – Apr 27 '13 at 14:30

1 Answer


You should not bind the column name as a prepared statement parameter string, as it will quote the column name. Do as you do with the table name: just use it, after whitelisting it.

Ray
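The whitelisting approach from the answer above, as an added example that is not part of the original question or answer. It assumes an in-memory SQLite database in place of the page's MySQL one so that it runs offline; `SEARCHABLE` and `findLike()` are hypothetical names, and the rows are constructed sample data.

```php
<?php
// Added example: identifiers are checked against an allow-list and interpolated,
// and only the search value is bound as a parameter.
// Assumption: SQLite in memory stands in for the MySQL database on the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO products (id, name) VALUES (70, 'widget'), (71, 'gadget')"); // constructed rows

// Hypothetical allow-list: table name => columns that may appear in the WHERE clause.
const SEARCHABLE = ['products' => ['id', 'name']];

function findLike(PDO $pdo, string $table, string $column, string $needle): array
{
    // Placeholders cannot stand for identifiers, so the table and column
    // must match an allow-list entry exactly before they reach the SQL text.
    $columns = SEARCHABLE[$table] ?? [];
    if (!in_array($column, $columns, true)) {
        throw new InvalidArgumentException('table or column not allowed');
    }
    $stmt = $pdo->prepare("SELECT * FROM `{$table}` WHERE `{$column}` LIKE :needle");
    $stmt->bindValue(':needle', $needle, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The question's query shape: ':column' arrives as the string 'id', so the
// database evaluates 'id' LIKE '70' for every row and nothing matches.
$stmt = $pdo->prepare('SELECT * FROM products WHERE :column LIKE :needle');
$stmt->execute([':column' => 'id', ':needle' => '70']);
echo 'bound column name: ', count($stmt->fetchAll()), " row(s)\n";

// Allow-listed column, bound value: the row with id 70 is returned.
echo 'allow-listed column: ', count(findLike($pdo, 'products', 'id', '70')), " row(s)\n";

// A column that is not on the allow-list never reaches the SQL string.
try {
    findLike($pdo, 'products', 'secret_col', '70');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```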