PDO query issue with bindParam from function variables

Question

I have problem with querying by function and binding with used variables.

public function get_where($what, $condition, $thing)
    {
        $this->statement = "SELECT * FROM $this->table WHERE :what :condition :thing";

        $stmt = $this->db->pdo()->prepare($this->statement);

        $stmt->bindParam(':what', $what);
        $stmt->bindParam(':condition', $condition);
        $stmt->bindParam(':thing', $thing);

        $stmt->execute();

        return $result = $stmt->fetchAll();
    }

Usage:

$result = $QueryBuilder->table('calendar')
    ->get_where('MONTH(date)', '=', '9');

var_dump($result);

Result is empty array

As you can see I pass to this function MONTH(date) as what, = as condition and 9 as thing.

But it doesn't work, empty array

But when I manually change

$this->statement = "SELECT * FROM $this->table WHERE :what :condition :thing";

to

$this->statement = "SELECT * FROM $this->table WHERE MONTH(date) = 9";

it works perfectly.

So why is wrong here? : /

In addition I can say that by doing

$result = $QueryBuilder->table('calendar') ->get_where('1', '=', '1');

I get all rows in result

You can't create `placeholder` for `column and table name` in prepare statement. — Saty, Sep 27 '17 at 13:53
You can only bind `:thing`, you need to add `$what` and `$condition` to the statement itself. — davey, Sep 27 '17 at 13:55

PDO query issue with bindParam from function variables

0 Answers0