This question already has an answer here:
I'm trying to INSERT a PDO Prepared statement and make it secure. I have one working example and the trouble comes with the EXECUTE() when I add a 2nd Variable into the array. MySQL v5.5.60
$Table = "devices";
$Name = "Garage Door";
Does not work
function allResults($Table, $Name) {
$pdo = Database::connect();
$sql = $pdo->prepare("SELECT * FROM :table WHERE Name = :name ORDER BY ID DESC");
$sql->execute([':name' => $Name, ':table' => $Table]);
$data = $sql->fetch(PDO::FETCH_ASSOC);
return $data;
}
Does not work
function allResults($Table, $Name) {
$pdo = Database::connect();
$sql = $pdo->prepare("SELECT * FROM :table WHERE Name = :name ORDER BY ID DESC");
$sql->execute(array(':name' => $Name, ':table' => $Table));
$data = $sql->fetch(PDO::FETCH_ASSOC);
return $data;
}
Works!
function allResults($Table, $Name) {
$pdo = Database::connect();
$sql = $pdo->prepare("SELECT * FROM $Table WHERE Name = :name ORDER BY ID DESC");
$sql->execute(array(':name' => $Name));
$data = $sql->fetch(PDO::FETCH_ASSOC);
return $data;
}
Thanks
</div>