bindParam() not working

It’s pretty simple and straight forward:




$id = 1002;

$tableName = "stock";

$idName = "stock_id";  

$storeName = "db";                                                          


//Create statement.

$sql = 'SELECT * 

        FROM :tableName 

        WHERE :idName = :id 

        LIMIT 1';


//Create command.

$command = Yii::app()->$storeName->createCommand($sql);


//Bind all my parameters.

$command->bindParam( ":tableName", $tableName, PDO::PARAM_STR );

$command->bindParam( ":idName", $idName, PDO::PARAM_STR );

$command->bindParam( ":id", $id, PDO::PARAM_INT );


//Execute query                                                        

$model = $command->query();  



I get:

I don’t get it, I checked online for the syntax and exemples, I tried permutations with bindValue()… Still same error. <_<

Any idea!? :blink:

hi

use this code




//Create statement.

$sql = 'SELECT * 

        FROM '.Stock::model()->tableName().' 

        WHERE :idName = :id 

        LIMIT 1';




i hope useful

Thank you for your answer. But all this goes into a REST API so I want to keep everything as dynamic as I can. So dynamic query and without ActiveRecord for now…

Either way it doesn’t change the nature of the problem. Please note that:


$sql = 'SELECT * 

        FROM $tableName 

        WHERE $idName = $id

        LIMIT 1';

Works flawlessly, but is a big security hole.

The [color="#0000FF"]$command->bindParam( ":id", $id, PDO::PARAM_INT );[/color] WORKS

but

[color="#0000FF"]$command->bindParam( ":idName", $idName, PDO::PARAM_STR );[/color]

OR [color="#0000FF"]$command->bindParam( ":tableName", $tableName, PDO::PARAM_STR ); [/color]

For some reason give me problems :confused:

Someone have an idea? :)