Home » Php » Can PHP PDO Statements accept the table or column name as parameter?

Can PHP PDO Statements accept the table or column name as parameter?

Posted by: admin October 18, 2018 Leave a comment

Questions:

Why can’t I pass the table name to a prepared PDO statement?

$stmt = $dbh->prepare('SELECT * FROM :table WHERE 1');
if ($stmt->execute(array(':table' => 'users'))) {
    var_dump($stmt->fetchAll());
}

Is there another safe way to insert a table name into a SQL query? With safe I mean that I don’t want to do

$sql = "SELECT * FROM $table WHERE 1"
Answers: