Hey guys, question if this is possible or not, maybe I'm not doing something right.
I'm trying to use a prepared statement where the column is prepared
i.e.
SELECT ? FROM users
Now this normally works if I put
SELECT id FROM users
But doing the first statement, the value is the column name.
id = id
0 = 0
What am I doing wrong, or is this possible?
Thanks
No you can't bind column names or table names.
Here's more info Escaping column names in PDO statements
A prepared statement can only replace value in the statement not field nor column name, this is because prepared statement are kind of precompiled and optimized in function of the whole statement except the value.
so this is possible:
SELECT id FROM users WHERE name=?
but not this:
SELECT ? FROM users WHERE name='john'
SELECT id FROM ? WHERE name='john'
SELECT id FROM users WHERE ?='john'
来源:https://stackoverflow.com/questions/5583589/pdo-select-using-a-prepared-statement-returns-column-name