Reputation: 973
pdo prepared statement not working
I'm making the switch from mysql_connect to pdo and can't get it going. here's my code:
//get the row sk
$sk = strtok($string, "_");
//get the column name (the rest of the $string)
$column_name = substr($string, strpos($string, "_") + 1);
//get the value
$value = $_SESSION['save_arr'][$string];
echo "{$column_name} {$value} {$sk}</br>";
$sql = "update tbl_brand set ?=? where brand_sk=?";
$q = $pdo_conn->prepare($sql);
$q->execute(array($column_name, $value, $sk));
if I hard code some values in then it works fine
$sql = "update tbl_brand set name_long='name' where brand_sk='1'";
I'm sure it's just a syntax problem but I just can't see it. I'm working off this example http://www.phpeveryday.com/articles/PDO-Error-Handling-P552.html
the results from the echo are like so:
name_long National Autjho Glass 2
Upvotes: 0
Views: 1040
Answers (1)
Reputation: 51934
column names can't be bound to dynamic values in a prepared statement. only constants like strings and integers can be bound. so, your sql should contain the column name before it's prepared:
$sql = "update tbl_brand set `$column` = ? where brand_sk = ?";
you'll want to make sure the $column value is sanitized properly before embedding it in the sql statement.
in mysql, you can escape the column identifier like so:
$column = str_replace("`", "``", $column);
Upvotes: 7
Related Questions
- PDO, can't find whats wrong in my prepared statement
- PDO prepared statement trouble
- PHP PDO prepared statements syntax problems
- PDO prepared statement with conditions not working
- PDO prepared statement wont work with this query
- PDO prepared function issue
- Why does my PDO query fail?
- Syntax error with PDO Prepared statements
- Not too sure why this Prepared Statement isn't working
- PDO prepared statement problem