Home/ Questions/Q 8849003
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T12:32:18+00:00

I am having a problem with binding param or value, does anybody knows what

  • 0

I am having a problem with binding param or value, does anybody knows what wrong?
If i change ? to area it works :-$

$item = 'area';
$query = dbConnectionPDO::getConnect()->prepare( ' SELECT * FROM  ? ' );
$query->bindParam(1, $item, PDO::PARAM_STR);
$query->execute();

while($resultId = $query->fetch(PDO::FETCH_ASSOC)){
    ////
}

Is this a good solution? It works!

$select = 'select * from ' . $item . ' left join ' . $TableName . ' ';

$query = dbConnectionPDO::getConnect()->prepare("$select ON :three = :four");
$query->bindValue(':three', $three, PDO::PARAM_STR);
$query->bindValue(':four', $four, PDO::PARAM_STR);
$query->execute();

while($resultId = $query->fetch(PDO::FETCH_ASSOC)){
    ////
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You’re trying to bind a table name, not a parameter. I’m not sure you can actually do that.

    bindParam works by binding question-mark holders or named parmeters, not a table name.

    $sth = $dbh->prepare('SELECT name, colour, calories
    FROM fruit
    WHERE calories < ? AND colour = ?');
$sth->bindParam(1, $calories, PDO::PARAM_INT);
$sth->bindParam(2, $colour, PDO::PARAM_STR, 12);
$sth->execute();

    If you’re just looking into placeholder “replacement” you can just use sprintf, but be careful since if you’ll be doing anything fishy or stupid (like accepting the table name from an external source), it might be leaky.

    For example:

    $theQ = "SELECT * FROM `%s` LEFT JOIN `%s` ON `%s` = `%s`";
$runQ = sprintf($theQ, 'one', 'two', 'three', 'four');
    • 0