Revision history

initial version

When using prepare() with changing/variable column names, you can use placeholders to replace the column names with variables at runtime. For example:

$column_name = "my_column_name"; // variable column name
$sql = "SELECT * FROM my_table WHERE $column_name = :value"; // using a placeholder for $column_name
$stmt = $pdo->prepare($sql);
$stmt->bindValue(':value', $value);
$stmt->execute();

Here, the $column_name variable is used in the SQL query as a placeholder instead of directly concatenating it into the query string. At runtime, the value of $column_name is replaced with the actual column name, and the query is executed with the bound parameter value. This approach helps to prevent SQL injection attacks and allows for more dynamic and flexible queries.
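
Added example (not part of the original answer): PDO placeholders such as :value bind data values only, and `$column_name` inside a double-quoted string is interpolated by PHP before prepare() sees the SQL, so a column name that can come from input has to be checked against a fixed allowlist first. The in-memory SQLite database, its columns and rows, and the helper names pickColumn() and findBy() are assumptions made for illustration.

```php
<?php
// Added example, not code from the original answer.
// Table contents, column list and helper names are constructed for illustration.

/**
 * Accept a caller-supplied column name only if it is on a fixed allowlist.
 * Anything else is rejected before any SQL text is built.
 */
function pickColumn(string $requested, array $allowed): string
{
    if (!in_array($requested, $allowed, true)) {
        throw new InvalidArgumentException("Column not allowed: $requested");
    }
    return $requested;
}

function findBy(PDO $pdo, string $column, $value): array
{
    $allowed = ['id', 'username', 'email']; // hypothetical searchable columns
    $col = pickColumn($column, $allowed);

    // The identifier comes from the allowlist; the value uses a real placeholder.
    $stmt = $pdo->prepare("SELECT id, username, email FROM my_table WHERE $col = :value");
    $stmt->bindValue(':value', $value);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE my_table (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password_hash TEXT)');
$pdo->exec("INSERT INTO my_table (username, email, password_hash) VALUES
    ('alice', 'alice@example.test', 'x'), ('bob', 'bob@example.test', 'y')");

// Allowed column: the query runs with the value bound as data.
print_r(findBy($pdo, 'username', 'alice'));

// A real but unlisted column, and a string that is not a column name at all:
// both are refused by pickColumn() and never reach prepare().
foreach (['password_hash', 'username = username OR 1'] as $bad) {
    try {
        findBy($pdo, $bad, 'alice');
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), PHP_EOL;
    }
}
```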