Query failing with single quotes

Asked Mar 20 '17 at 20:21

Active Mar 20 '17 at 20:21

Viewed 21 times

trying to parametrize my queries, heres a supposedly simple one

        $query = $this->handle->prepare('USE :db_name');
        $query->bindParam(':db_name', $db_name, PDO::PARAM_STR);
        $query->execute();

however, it throws an invalid syntax error. I checked the query log, it comes out as

USE 'test'

which doesn't work, however, if I manually write

USE test

then that does work. This leaves me with 2 questions

Shouldn't the one with single quotes work? AFAIK, quotes just mark the beginning and ending of a string in SQL, why is it breaking it?
How can I get the prepared query to not automatically put quotation marks around the parameters?

asked Mar 20 '17 at 20:21

user81993

You can't use a parameter for an identifier. – Don't Panic Mar 20 '17 at 20:22
1. An identifier is not a string. 2. Nohow. – Your Common Sense Mar 20 '17 at 20:24
cool. So does pdo come with any built in sanitizing functions? – user81993 Mar 20 '17 at 20:25

0 Answers0