I am in the process of going through all my SQL statements and updating them to have prepared statements. This is working fine, however I realised that I wasn't preparing ALL my variables, just the ones in the WHERE statement. So I had this PHP code:
$results = $this->PDOSelect("SELECT `hash` FROM {$db}.{$table} WHERE `hash`='{$hash}';",true);
Which works fine and returns the right result set, of course. But then I wanted to update it and prepare the statement, as I have done others. Then I realised that not only did I have to put :hash in the WHERE clause, but I have two other variables as well for the database.
So I tried the following (which doesn't look right to me):
$this->authPrepared = array("database" => $db, "table" => $table, "hash" => $hash);
$results = $this->PDOSelect("SELECT `hash` FROM :database.:table WHERE `hash`=:hash;",true);
And it's not returning anything, as expected. How can I prepare this statement? Can I only prepare variables that are in the WHERE clause?
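An added example, not part of the original post: PDO placeholders bind values only, so a database or table name cannot be sent as `:database` or `:table`. The sketch below checks the identifiers against a fixed allowlist and binds only `:hash`. The names `ALLOWED_TABLES`, `selectHash` and `auth_tokens` are hypothetical, and an in-memory SQLite database (default schema `main`) stands in for the real one.

```php
<?php
// Added example: ALLOWED_TABLES, selectHash and auth_tokens are hypothetical names.
// Placeholders carry values only; identifiers are validated against an allowlist.
const ALLOWED_TABLES = [
    'main' => ['auth_tokens', 'api_keys'],   // database => permitted tables (constructed)
];

function selectHash(PDO $pdo, string $db, string $table, string $hash): array
{
    // Reject any database/table name that is not explicitly permitted.
    if (!in_array($table, ALLOWED_TABLES[$db] ?? [], true)) {
        throw new InvalidArgumentException('Unknown database or table');
    }
    // The identifiers are now known constants, so they can be placed in the SQL text.
    $sql = "SELECT `hash` FROM `{$db}`.`{$table}` WHERE `hash` = :hash";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':hash' => $hash]);      // only the value is bound
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE auth_tokens (hash TEXT)');
$pdo->prepare('INSERT INTO auth_tokens (hash) VALUES (?)')->execute(['abc123']);

// A stored hash, then a quote-laden string that is compared as plain data.
var_dump(selectHash($pdo, 'main', 'auth_tokens', 'abc123'));
var_dump(selectHash($pdo, 'main', 'auth_tokens', "x' OR '1'='1"));

// A table name outside the allowlist never reaches the SQL string.
try {
    selectHash($pdo, 'main', 'auth_tokens; DROP TABLE auth_tokens', 'abc123');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```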