How to dynamically build queries with PDO

by

Unfortunately, you can’t bind parameters by column names.

What you could try is to dynamically create your SQL command:

$sql = "SELECT * FROM $tableName WHERE $columnName = :value";
$query = $dbh->prepare($sql);
$query->bindParam(':value', $value);

Just make sure to sanitize your parameters/variables if they are coming from elsewhere, to prevent SQL Injection. In this case, $value is safe to a degree but $tableName and $columnName are not — again, that is most especially if the values for these variables are not provided by you and instead by your users/vistors/etc…

One other thing; please avoid using * and name your columns instead… See some reasons why:

http://www.jasonvolpe.com/topics/sql/

Performance issue in using SELECT *?

See other similar posts here:

Why doesn’t binding parameter in ORDER BY clause order the results?

How do I set ORDER BY params using prepared PDO statement?

More Related Contents:

  1. Why does this PDO statement silently fail?
  2. Cleansing User Passwords
  3. How can I use PDO to fetch a results array in PHP?
  4. What are the disadvantages of using persistent connection in PDO
  5. PHP PDOException: “SQLSTATE[HY093]: Invalid parameter number”
  6. What is the difference between MySQL, MySQLi and PDO? [closed]
  7. MySQL check if a table exists without throwing an exception
  8. Error logging, in a smooth way
  9. Can I use a PDO prepared statement to bind an identifier (a table or field name) or a syntax keyword?
  10. php pdo prepare repetitive variables
  11. How to read “fetch(PDO::FETCH_ASSOC);”
  12. How to make PDO run SET NAMES utf8 each time I connect, In ZendFramework
  13. PDO + MySQL and broken UTF-8 encoding
  14. Is there a way to fetch associative array grouped by the values of a specified column with PDO?
  15. PDOstatement (MySQL): inserting value 0 into a bit(1) field results in 1 written in table
  16. Why is constructing PDO connection slow?
  17. php code to test pdo is available?
  18. PDO fetchAll group key-value pairs into assoc array
  19. how to properly use while loop in PDO fetchAll
  20. Setting a connect timeout with PDO
  21. What is the best way to insert multiple rows in PHP PDO MYSQL?
  22. PDO MySQL: Insert multiple rows in one query
  23. How to bind LIKE values using the PDO extension?
  24. Error while using PDO prepared statements and LIMIT in query [duplicate]
  25. Warning: PDO::__construct(): [2002] No such file or directory (trying to connect via unix:///tmp/mysql.sock) in
  26. PDO LIMIT and OFFSET [duplicate]
  27. SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
  28. PHP 7 RC3: How to install missing MySQL PDO
  29. I’m getting this error code: Invalid argument supplied for foreach() [duplicate]
  30. Is a BLOB converted using the current/default charset in MySQL?

Leave a Comment