Using PHP and MySQLi, can I also pass the name of the column (field) as a parameter? For example, in the following example I would like to list all users whose admin column is flagged with 1.

$sql = "SELECT * FROM `suser-tbl` WHERE ?=1 AND udepartment =?";

As you can see I used the first ? placeholder in the position of the column name.

Jessica
Suffii
  • Why don't you just do `WHERE admin = 1`? You haven't explained any reason to make that a parameter. – Jessica Jul 24 '15 at 01:45
  • You can't do this `WHERE ?=1` - `col=?` yes but not `?=1` - checking for errors would have spotted that. So, you can't bind tables/columns; period. Use a safelist if you want to do that. – Funk Forty Niner Jul 24 '15 at 01:46
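
The safelist approach mentioned in the comment above, as an added example that is not part of the original thread. The function names and the `manager` column are hypothetical, and `get_result()` assumes the mysqlnd driver.

```php
<?php
declare(strict_types=1);

// Constructed safelist: the only column names a caller may filter on.
// `admin` is from the question; `manager` is a hypothetical second flag column.
const FLAG_COLUMNS = ['admin', 'manager'];

/**
 * Build the SQL text for "users whose <flag column> = 1 in one department".
 * The column name is checked against the safelist before it is placed in
 * the statement; the department value remains a bound parameter.
 */
function buildFlagQuery(string $column): string
{
    // Strict comparison: no type juggling, no partial matches.
    $index = array_search($column, FLAG_COLUMNS, true);
    if ($index === false) {
        throw new InvalidArgumentException("Column not allowed: {$column}");
    }
    // Use the safelist's own copy of the name, never the raw input.
    $safe = FLAG_COLUMNS[$index];
    return "SELECT * FROM `suser-tbl` WHERE `{$safe}` = 1 AND udepartment = ?";
}

/** Run the query; only the department value goes through bind_param(). */
function listFlaggedUsers(mysqli $db, string $column, string $department): array
{
    $stmt = $db->prepare(buildFlagQuery($column));
    if ($stmt === false) {
        // Checking for errors, as the comment above recommends.
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('s', $department);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Constructed inputs: the first is on the safelist, the second is not.
foreach (['admin', 'no_such_column'] as $candidate) {
    try {
        echo buildFlagQuery($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The loop at the end only builds the SQL text, so it runs without a database connection; `listFlaggedUsers()` needs a live `mysqli` handle.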

0 Answers