
Basically I have football league tables set up in my database; each league table has its own DB table, so on one page I have a dropdown list that. What I want is, once one of the leagues is selected, it brings up the appropriate league table... so I get this error: Fatal error: Call to a member function bind_param() on a non-object from this code..

// A '?' placeholder cannot stand in for a table name, so prepare() fails and returns false
$sql = "SELECT * FROM ?";
$result = $db->prepare($sql);
$result->bind_param('s', $league_var); // $result is false here, hence the fatal error
$result->execute();
$result->bind_result(..And the rest of the code..

Now, what I understand is that the prepare call fails, so it returns false. False is not an object, so you can't call bind_param() on that... what is it I'd need to do to be able to select the database table from a variable??

    You cannot use `bindParam()` for table names, you will have to build your query in a different way, possibly using a switch statement to get the right table name... – A.O. Feb 21 '14 at 20:40
  • Whitelist + `sprintf`. – Dan Lugg Feb 21 '14 at 20:41
    To elaborate on the above, the only things you can bind are data you're inserting into the query, and not structural things. For example, if you wanted "where column = other_column", and did "where column = ?" and then parameterized "other_column", it would try comparing column with the string "other_column", rather than the actual column `other_column`. – Andrew Feb 21 '14 at 20:41

1 Answer


You don't want to let the user know the table names. You might give them a choice of tables (using different names), then translate those to the real names with a list, and just append the approved name to the string.

// Map the user's displayed choice to the real table name; only approved names reach the query
if ($userTableChosen == 'users table') {
    $tableToUse = "tblSuffix_Users";
}
else if ..... // further approved choices mapped the same way

$sql = "SELECT * FROM {$tableToUse}";

Obviously this can be cleaned up quite a bit, using an array or something.

developerwjk
  • I looked through another piece of code that I use to bring up the tables for general viewing, and I amended it so the SQL is basically `$result = $db->query("SELECT * FROM {$league_var}");` and then the rest of the code .. cheers – Richard Marston Feb 21 '14 at 21:01
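The whitelist approach from the answer and the comments, written out as a complete added example (not code from the question or the answer): the dropdown value is looked up in a fixed array, only the mapped name is ever placed in the SQL, and an unknown value is rejected rather than interpolated. The league keys, table names and `$_GET['league']` parameter are placeholders.

```php
<?php
// Added example: whitelist lookup from dropdown value to real table name.
// Display key => real table name. Only values from this array reach the SQL.
const LEAGUE_TABLES = [
    'premier'      => 'tbl_league_premier',       // placeholder table names
    'championship' => 'tbl_league_championship',
    'league_one'   => 'tbl_league_one',
];

/**
 * Return the approved table name for a user-supplied league key, or null
 * when the key is not on the whitelist. The raw input never enters a query.
 */
function leagueTable(string $choice): ?string
{
    return LEAGUE_TABLES[$choice] ?? null;
}

/**
 * Build the SELECT for an approved league. Unknown choices throw instead of
 * producing a query from unvalidated input.
 */
function leagueQuery(string $choice): string
{
    $table = leagueTable($choice);
    if ($table === null) {
        throw new InvalidArgumentException('Unknown league selected');
    }
    // $table comes from our own constant, so interpolating it here is safe.
    return "SELECT * FROM `{$table}`";
}

// The dropdown value arrives via $_GET['league'] (assumed parameter name);
// 'premier' is a constructed default so the script also runs from the CLI.
$choice = $_GET['league'] ?? 'premier';
try {
    $sql = leagueQuery($choice);
    // $db is an existing mysqli connection as in the question (assumed):
    // $result = $db->query($sql);
    echo $sql, PHP_EOL; // SELECT * FROM `tbl_league_premier`
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Invalid league selection', PHP_EOL;
}
```

Adding a league is then a one-line change to `LEAGUE_TABLES`, and any value not in that array is refused before a query is built.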