-4

I have this function.

public function selection($table, $condition_var,$condition_val)
    {
        if ($condition_var != '') {

           $stm = $this->dbh->prepare("SELECT * FROM " . $table . " WHERE " . $condition_var=.":".$condition_var. " ");
           $stm->bindParam(":".$condition_var, $condition_val);
          return $stm->execute();
        }

    }

I am getting an error here, on the line below:

$stm = $this->dbh->prepare("SELECT * FROM " . $table . " WHERE " . $condition_var=.":".$condition_var. " ");

I don't know what I am doing wrong here. Kindly please check.

3
  • A rogue = in $condition_var=." Commented Dec 4, 2014 at 19:39
  • I really hope all of these input parameters are carefully restricted. Commented Dec 4, 2014 at 20:44
  • Is there something wrong here? Commented Dec 4, 2014 at 20:55

2 Answers

2

Please refer to this: http://php.net/manual/en/pdostatement.bindparam.php

$stm = $this->dbh->prepare("SELECT * FROM " . $table . " WHERE " . $condition_var."=:condition_val");
$stm->bindParam(":condition_val", $condition_val);

4 Comments

Hello sir, I want to use the same variable on both ends, like this: $condition_var =:$condition_var
So, your column name and value are the same?
No, at the column I am using the string variable, and for the column value I am sending some value, $condition_val.
Binding parameters actually assigns the variable. And then you need to use that assigned variable in your query.
-1
$stm = $this->dbh->prepare("SELECT * FROM " . $table . " WHERE " . $condition_var . " = :param");
$stm->bindParam(":param", $condition_val);
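Both answers fix the bind, but the comment on the question also hopes $table and $condition_var are restricted: PDO can bind only values, never table or column names, so anything concatenated into the SQL text has to be validated another way. The following is an added example (not the question's or either answer's code) that pairs the corrected bind with an allow-list of identifiers; the schema array, the Repository class name and the in-memory SQLite setup are assumptions made for the demo, and it needs PHP 8 for the promoted constructor property.

```php
<?php
// Added example (not the question's or the answers' code): bind the value with PDO and
// restrict $table and $condition_var to an assumed allow-listed schema, since identifiers
// cannot be bound as parameters and would otherwise be concatenated into the SQL as-is.
class Repository
{
    // Tables and the columns allowed in WHERE; this schema is an assumption for the demo.
    private const SCHEMA = [
        'users'  => ['id', 'email', 'status'],
        'orders' => ['id', 'user_id', 'status'],
    ];

    public function __construct(private PDO $dbh)
    {
        $this->dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    }

    public function selection(string $table, string $condition_var, $condition_val): array
    {
        // Reject identifiers that are not allow-listed; do not try to quote or escape them instead.
        if (!isset(self::SCHEMA[$table])) {
            throw new InvalidArgumentException('Unknown table');
        }
        if (!in_array($condition_var, self::SCHEMA[$table], true)) {
            throw new InvalidArgumentException("Unknown column for table $table");
        }
        // Identifiers are now known-good and may be interpolated (double-quoted, as SQLite and
        // ANSI SQL expect); the value is bound to a fixed placeholder name, so no SQL text comes from it.
        $sql = sprintf('SELECT * FROM "%s" WHERE "%s" = :condition_val', $table, $condition_var);
        $stm = $this->dbh->prepare($sql);
        $stm->bindValue(':condition_val', $condition_val);
        $stm->execute();
        return $stm->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Demo on an in-memory SQLite database with constructed rows.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE users (id INTEGER, email TEXT, status TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'a@example.com', 'active'), (2, 'b@example.com', 'banned')");
$repo = new Repository($pdo);
var_dump($repo->selection('users', 'status', 'active'));       // one row (id 1)
var_dump($repo->selection('users', 'email', "x' OR '1'='1"));  // no rows: the value is data, not SQL
try {
    $repo->selection('users', 'status = 1 OR 1', 'x');          // rejected before any SQL is built
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

The allow-list check is what protects the concatenated parts; the bound parameter alone would leave $table and $condition_var as places where the caller could still alter the query.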
