I’m new to PHP and PDO, and I try to use prepared statements here. After 1 hour of trying around I give up. Or my tutorial was just horribly bad.
EDIT:
This works perfectly without prepared statements:
try {
$dbh = new PDO('mysql:host=localhost;dbname=test', 'root', 'root');
$prepared = $dbh->prepare('SELECT * from sys_navigation_point WHERE name="root"');
//$prepared->bindParam('foo', 'root');
$prepared->execute();
foreach($prepared as $row) {
print_r($row);
}
$dbh = null;
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
But this does not work at all with a prepared statement. Getting a totally blank page when doing this:
try {
$dbh = new PDO('mysql:host=localhost;dbname=test', 'root', 'root');
$prepared = $dbh->prepare('SELECT * from sys_navigation_point WHERE name=:foo');
$prepared->bindParam('foo', 'root');
$prepared->execute();
foreach($prepared as $row) {
print_r($row);
}
$dbh = null;
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
foo should be replaced with root. However, it doesn’t.
You can’t use params for stuff like table and column names, it’s meant to be used for data only, not for fully dynamic queries
This should work:
EDIT: This should be the real solution.
By looking at the documentation, it’s clear that the pattern has to be:
Then you do: