Hi all, I was wondering if it is possible to create a prepared statement where the table name is a variable? I have written the following which works fine, but want to know if I can interchange the sql table with a variable: $status = 'Y'; if($get_rows = $mysqli->prepare("SELECT id, field1, field2, field3, field4, field5, field6 FROM myTable WHERE field7=? ORDER BY field8 DESC")); { // Bind a variable to the parameter as an integer. $get_rows->bind_param("s", $status); // Execute the statement $get_rows->execute(); // Store result $get_rows->store_result(); // Get the variables from the query. $get_rows->bind_result($id, $field1, $field2, $field3, $field4, $field5, $field6); // While the rows are being returned while ($get_rows->fetch()) { ... } } Any help would be greatly appreciated. Thanks!
You can't do a prepared varibale for the table name in PDO, but this Stack Overflow has some insight in how you can make it safe if you want to use variables - personally, I just use the actual table names, but hey. http://stackoverflow.com/questions/182287/can-php-pdo-statements-accept-the-table-name-as-parameter