i have been tasked search database using pdo prepared select statement have been given looks this
select * ? ? = '?'
i have managed pdo conduct search totally incorrect, ive tried use examples have seen on here nothing seems job here how temp fixed search me
try { //create array of prepared sql commands select * db tables avoiding sql injection $sql = $dbh->prepare("show tables"); $sql->execute(); if ( $sql->columncount() > 0 ) { while ($row = $sql->fetch() ) //$sqls[ $row[0] ] = "select * " . $row[0] . ";"; $sqls[ $row[0] ] = "select * " . $row[0] . " $fieldname = '?';"; $sql = $dbh->prepare($sqls[$tablename]); $sql->execute() }
and here attempt use "?"
try { //create array of prepared sql commands select * db tables avoiding sql injection $sql = $dbh->prepare("show tables"); $sql->execute(); if ( $sql->columncount() > 0 ) { while ($row = $sql->fetch() ) //$sqls[ $row[0] ] = "select * " . $row[0] . ";"; $sqls[ $row[0] ] = "select * ? '?' = '?';"; $sql = $dbh->prepare($sqls[$tablename]); $sql->bindparam(1,$tablename); $sql->bindparam(2,$fieldname); $sql->bindparam(3,$celldata); $sql->execute() }
this of course didn't work, tried 's' method bind parameter didn't work either know there's [ $row[0] ]
understand goes first row of table, not understand fits in goal of creating this
select * ? ? = '?'
any or pointers in right direction appreciated, thank
Comments
Post a Comment