0

Whenever I try to use mysqli_stmt_bind_param to use a variable as a column name in a SET operation, it seemingly fails. Am I doing something wrong or am I misunderstanding something?

$connection = mysqli_connect('localhost', 'username', '******', 'db');
$query = "UPDATE stock SET ? = '4' WHERE storeID = 1";

$stmt = mysqli_prepare($connection, $query);

mysqli_stmt_bind_param($stmt, "s", $shirtSize);
$shirtSize = "whiteSmall";

mysqli_stmt_execute($stmt);

mysqli_stmt_close($stmt);

mysqli_close($connection);
everydayghost
  • 681
  • 1
  • 6
  • 12
  • You __cannot__ bind column and table names. – u_mulder Jun 28 '17 at 14:30
  • 1
    It is written in a manual http://php.net/manual/en/mysqli.prepare.php#refsect1-mysqli.prepare-parameters But why read it, huh? – u_mulder Jun 28 '17 at 14:31
  • 1
    If you think about it it will make sense. A `prepare` send the SQL to the server where it is compiled and optimised. It is not possible to compile or optimise a query if you do not know what columns/tables are going to be used in that query – RiggsFolly Jun 28 '17 at 14:36
  • @u_mulder I’m still learning, there’s no need to be rude and discouraging. Just because I don’t understand something doesn’t mean I haven’t researched it myself. – everydayghost Jun 28 '17 at 15:15
  • Thank you @RiggsFolly, it makes sense now. Is what I’m trying to do possible, or at least a decent practice? – everydayghost Jun 28 '17 at 15:17

0 Answers0