Hi, I have a simple method for updates and am using the PDO driver. If I structure the SQL without bound parameters then the update works; however, with bound parameters it doesn't work.
Here is the output of $stmt after the prepare statement:
object(PDOStatement)#16 (1) { ["queryString"]=> string(40) "UPDATE users SET ? Where uid_number = ?" }
Can you give me some suggestions on how to troubleshoot this? I have already verified that it is a valid PDO object, and that the properties are set with the correct values. No errors are reported.
On one of my older pieces of code I do this and it works:
    if ($this->end_id == NULL) { // open-ended: every id from start_id upwards
        $this->stmt = $this->dbc->prepare("SELECT * FROM " . $this->table_name . ' WHERE id >= :start_id');
        $this->stmt->bindParam(':start_id', $this->start_id);
    } else { // get range of ids
        $this->stmt = $this->dbc->prepare("SELECT * FROM " . $this->table_name . ' WHERE id >= :start_id AND id <= :end_id');
        $this->stmt->bindParam(':start_id', $this->start_id);
        $this->stmt->bindParam(':end_id', $this->end_id);
    }
Here the values are the only things being bound and the column is explicitly written out. I guess given the fact that the string_sql typecast as a string is not enough?
Shouldn’t I be able to make other parts of your query variable (e.g. column name, table name, SQL keywords, or whole SQL expressions), using a built dynamic SQL query as a string, and interpolate PHP variables or expressions into the string?
Yes, you can do that. The problem is in your code. You are trying to directly execute a query with a question mark in it without using prepared statements or binding anything to that value…
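An added example, not part of any post in this thread: a placeholder can stand only for a value, so the SET clause is built from column names checked against an allow-list while the values and the uid_number are bound. The columns given_name and email, the function updateUser and the in-memory SQLite database are assumptions made for the example; only the users table and uid_number come from the thread.

```php
<?php
// Added example. "UPDATE users SET ? WHERE uid_number = ?" cannot work because
// "?" replaces a single value, not a "column = value" list. Column names are
// therefore interpolated, but only after an allow-list check.

const USER_COLUMNS = ['given_name', 'email']; // assumed column names

function updateUser(PDO $dbc, int $uid, array $changes): int
{
    if ($changes === []) {
        throw new InvalidArgumentException('nothing to update');
    }
    $assignments = [];
    $params = [':uid' => $uid];
    foreach ($changes as $column => $value) {
        // Strict comparison: anything not spelled exactly as listed is refused.
        if (!in_array($column, USER_COLUMNS, true)) {
            throw new InvalidArgumentException("column not allowed: $column");
        }
        $assignments[] = "$column = :$column";
        $params[":$column"] = $value; // the value itself is always bound
    }
    $sql = 'UPDATE users SET ' . implode(', ', $assignments)
         . ' WHERE uid_number = :uid';
    $stmt = $dbc->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$dbc = new PDO('sqlite::memory:');
// Raise exceptions so a failed prepare or execute is not silent.
$dbc->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbc->exec('CREATE TABLE users (uid_number INTEGER PRIMARY KEY, given_name TEXT, email TEXT)');
$dbc->exec("INSERT INTO users VALUES (1001, 'Ann', 'ann@example.test')");

// A value containing a quote is safe because it is bound, not interpolated.
echo updateUser($dbc, 1001, ['email' => "o'neil@example.test"]), " row(s) updated\n";

// A key that is not on the allow-list never reaches the SQL string.
try {
    updateUser($dbc, 1001, ['password_hash' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```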
I am using a container so my update call may be different than the way you might like to set it up, but for the record here is how I call update once the properties are set: