0

I've tried putting quotes around the parameters, the var_dumps work fine when directly inputting it into the database.

function insertdata($pdo, $arr){

  unset($_POST['submit']);
  $query = '';
  foreach ($arr as $inner) {
    if ($inner['COLUMN_NAME'] == 'title')
      $query .= $inner['COLUMN_NAME'];
    else $query .= ','.$inner['COLUMN_NAME'];
  }

  $values = '"'.implode('","', $_POST).'"';

  $stmt1 = $pdo->prepare('INSERT INTO :table (:query)
                          VALUES (:val);');

  $criteria = [
    'table' => strtolower($_GET['section']),
    'query' => $query,
    'val' => $values
  ];

  $stmt1->execute($criteria);
}
theglobin
  • 33
  • 6
  • You can only bind data to the query using placeholders. Tables, columns etc are part of the query and can not be bound. – JimL Jan 06 '16 at 22:53
  • http://php.net/manual/en/pdo.error-handling.php would have helped you here. – Funk Forty Niner Jan 06 '16 at 22:53
  • @JimL is there any way I can go about making a general query or do I have to change all that code? – theglobin Jan 06 '16 at 22:57
  • @theglobin everything is possible - it will probably get ugly either way. I'm not sure what you're doing so not sure what to suggest you do. – JimL Jan 06 '16 at 22:59
  • @JimL your advice was good enough to make my program work! Thanks for telling me that, something I won't forget in a hurry – theglobin Jan 06 '16 at 23:06

0 Answers0