Reputation: 209
PDO Execute() function not binding the parameter
I have the following function. I expect it to print the number of rows in the table provided in its argument.
private function getTotalCount($tbl){
$sql = "SELECT count(*) FROM :tbl ;";
$sth = $this->db->prepare($sql);
$sth->execute(array(
':tbl' => $tbl
));
$data = $sth->fetch(PDO::FETCH_ASSOC);
print_r($data);
}
But the function is not printing anything...
When I replace the function to something like this:
private function getTotalCount($tbl){
$sql = "SELECT count(*) FROM $tbl ;";
$sth = $this->db->prepare($sql);
$sth->execute();
$data = $sth->fetch(PDO::FETCH_ASSOC);
print_r($data);
}
Then it works fine and print the number of rows.
QUESTION: Why the execute() function not binding the :tbl parameter to $tbl ??
Upvotes: 0
Views: 638
Answers (1)
Reputation: 8415
Sadly MySQL PDO doesn't accept parameters for SQL keywords, table names, view names and field names. This doesn't really come up in the main manual, but is mentioned a couple of times in comments.
The solution you have in the second piece of code is the workaround, although you may wish to sanitise the table name first (checking against a white list of table names would be ideal). More info: Can PHP PDO Statements accept the table or column name as parameter?
Upvotes: 4
Related Questions
- pdo execute Invalid parameter number: parameter was not defined
- PDO->execute() statement won't work and is syntactically correct
- Why empty result when passing argument via execute?
- Binding parameters by PDO not working
- PDO: Making an execute statement dynamic...but not working
- PHP - (PDO) Execute with binding variables
- execute method is always set to true
- PDO Execute Returns Nothing
- PDO in PHP : problem in binding parameter
- PDO Problem. Execute arguments not being read?