PDO with parameter

Question

I would like to have various option to change $this_var that contain different fieldname such as 'apple'=1 or 'orange'=1, is it possible?

$statement->prepare(SELECT * table WHERE $this_var = 1);

score 0 · Accepted Answer · answered Apr 12 '11 at 13:27

0

Given

$this_var = 'apple';
$statement->prepare("SELECT * table WHERE $this_var = 1");

the query would be SELECT * table WHERE apple = 1;

answered Apr 12 '11 at 13:27

Treffynnon

Sorry, but I do not understand the question. – Treffynnon Apr 12 '11 at 13:48
http://stackoverflow.com/questions/182287/can-php-pdo-statements-accept-the-table-name-as-parameter my question is quite similar to this which ask if it can subtitute table name but in my case, would be using variable to subtitute fieldname. – proyb2 Apr 12 '11 at 13:52
I think you are asking me if you can use placeholders or tokens like `:table` to replace table names just like data values in PDO. (this is not clear from your question however) In this case it is not possible. Simply sanitise the table name and insert it into the query as I have done above in my answer. – Treffynnon Apr 12 '11 at 14:00

score -2 · Answer 2 · answered Apr 12 '11 at 13:55

-2

No, you cannot have prepared statements with variable field names.

answered Apr 12 '11 at 13:55

cweiske

2 Answers2