Home/ Questions/Q 8873571
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T18:29:57+00:00

I’m trying to make a function that I can use on multiple pages to

  • 0

I’m trying to make a function that I can use on multiple pages to save the amount of code used. one of the functions parameters should tell the function which mysql table to get all the data from but for some reason the function doesn’t work. Here is what I have:

function get_data($conn, $type) {
    $stmt = $conn->prepare("SELECT * FROM :type");
    $stmt->bindParam(':type', $type);
    $stmt->execute();
    $results = $stmt->fetchAll();
    return $results ? $results : false;
}

So when I call the function on one of my page I use:

$conn = connect();
$results = get_data($conn, 'links');

Why doesn’t the function work? Anyone know?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As far as I know, you can’t pass the table as a parameter. You must therefore build your query with string concatenation. In such case, the risk of SQL injection should be zero, since you shouldn’t accept table names from external sources.

    Example 

    function get_data($conn, $table_name) {
    // The backticks are used in case table name contains spaces, or it matches a keyword
    $stmt = $conn->prepare('SELECT * FROM `' . $table_name . '`');
    $stmt->bindParam(':type', $type);
    $stmt->execute();
    $results = $stmt->fetchAll();
    return $results ? $results : false;
}

    One further note
    Although I can understand what you want to achieve, this method of accessing data is quite inefficient. First of all, you use the asterisk, which is, more often than not, a big no-no when running queries. Secondly, with this approach you cannot add clauses, such as WHERE, JOIN and so on. Always fetching all the data from a table indiscriminately will probably cause major performance issues.

    • 0