I've been staring at this code for ever and I can figure out why it's not working.
$dbh = dbCon(); // CONNECT TO DATABASE THROUGH FUNCTION
$sth = $dbh->prepare("SELECT * FROM ? WHERE ? = ?");
$sth->execute(array($var1, $var2, $var3));
$sth->fetch(PDO::FETCH_OBJ);
When I replace the second line with:
$sth = $dbh->prepare("SELECT * FROM clientDetails WHERE clientID = 1");
Everything works fine but when I set var1, 2, 3 to them it doesn't want to work and throws the following error:
Fatal error:Uncaught exception 'PDOException' with message 'SQLSTATE[42000]:
Syntax error or access violation: 1064 You have an error in your SQL
syntax; check the manual that corresponds to your MySQL server version
for the right syntax to use near ''clientDetails' WHERE 'clientID' =
'1'' at line 1' in /home/cms/functions/functions.php:142 Stack trace:
0 /home/cms/functions/functions.php(142): PDOStatement->execute(Array) #1
/home/cms/functions/functions.php(470): returnData() #2 {main} thrown
in /home/cms/functions/functions.php on line 142
Answer
$sth = $dbh->prepare("SELECT * FROM " + $var1 + " WHERE " + $var2 + " = ?");
$sth->execute(array($var3));
No comments:
Post a Comment