I am trying to query the data in a column dependent on the variable $garment. The query works until I try to bind the parameter $garment. Any idea what I'm doing wrong?
That happens because with prepared statements you can only bind values (not identifiers). That's it.
SELECT ?
becomes
SELECT 'somevalue'
The first code is the correct one but to be safe you must ensure that the $garment variable value is whitelisted.
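The behaviour described in the answer above, as an added example that is not part of the original question or answer: a bound placeholder comes back as a string value, while an allowlisted column name can be interpolated safely. The `stock` table, its `shirt`/`jacket` columns, the sample rows, and the use of an in-memory SQLite database through PDO are all assumptions made for illustration.

```php
<?php
// Added example: constructed schema and data, not from the original post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stock (size TEXT, shirt INTEGER, jacket INTEGER)');
$pdo->exec("INSERT INTO stock VALUES ('M', 12, 3), ('L', 7, 0)");

// Hypothetical allowlist: the only column names a caller may select.
const GARMENT_COLUMNS = ['shirt', 'jacket'];

// Binding the column name: the driver treats the placeholder as a string
// value, so the query selects the text of $garment, not the column's data.
function selectByBoundName(PDO $pdo, string $garment, string $size): array
{
    $stmt = $pdo->prepare('SELECT ? AS qty FROM stock WHERE size = ?');
    $stmt->execute([$garment, $size]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Allowlisting the identifier: $garment is only used to look up a name we
// wrote ourselves; real values (here $size) are still bound as parameters.
function selectByAllowlistedName(PDO $pdo, string $garment, string $size): array
{
    $index = array_search($garment, GARMENT_COLUMNS, true);
    if ($index === false) {
        throw new InvalidArgumentException('Unknown garment column');
    }
    $column = GARMENT_COLUMNS[$index]; // taken from the constant, never from input
    $stmt = $pdo->prepare("SELECT $column AS qty FROM stock WHERE size = ?");
    $stmt->execute([$size]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

var_dump(selectByBoundName($pdo, 'shirt', 'M'));       // the bound string itself
var_dump(selectByAllowlistedName($pdo, 'shirt', 'M')); // the column's stored value

try {
    // Constructed input that is not on the allowlist is rejected before any SQL is built.
    selectByAllowlistedName($pdo, 'not_a_column', 'M');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
```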