0

I'm trying to update a particular field in a mysql database. The field name is passed in a var, to a value (also passed in a var) where a specific field (memID) is equal to a particular value (also passed in a var). I'm using '?' placeholders.

function modFiltName($filtID,$newFN,$memID) { 
    include '../includes/setDBC.php'; //connect to dbc
    $stmt=$dbc->prepare('UPDATE mzfilters SET ? = ? WHERE memID=? ');
    $stmt->execute(array($filtID,$newFN,$memID));
    $dbc=null; // Close connection
}

It seems simple enough but I get errors no matter how I rearrange the code. The last error is typical of what I'm getting: ". . for the right syntax to use near '? = ? WHERE memID=?' " . .

Banjobum
  • 57
  • 8
  • 1
    you can't bind column names, only values. – Jonathan Kuhn Mar 12 '15 at 21:14
  • You can't use placeholders for tablenames, column names or other identifiers. –  Mar 12 '15 at 21:14
  • Both of those should be answers, not comments, but it's closed now anyways. – Erick Robertson Mar 12 '15 at 21:25
  • OK, thanks for fast response. I did read in the PDO tutorial mentioned above that I can not parameterise table names. Reading more I now see that it applies to field names too. I can't imagine how I can do what I'm trying to here. I have 24 filters that I'd like the user to name as she wishes. Do I need to write 24 functions, each using a different filter ID? That seems intuitively wrong. I don't seem to be able to ask my question in a way that running a search yields an explanation for me. – Banjobum Mar 12 '15 at 21:34

0 Answers0