How to use prepare() with dynamic column names?

✔ Recommended Answer

You could use a list of "approved" values instead, that way you're not really using user data inside a query. Something like this:

$Approved = array ('firstname', 'lastname', 'birthdate') ;$Location = array_search($ColumnName, $Approved) // Returns approved column location as intif($Location !== FALSE) {    // Use the value from Approved using $Location as a key    $Query = $wpdb->Prepare('SELECT ' . $Approved[$Location] . ' FROM myTable WHERE user_id=:userid');    $Query->Execute(array(        :userid => $current_user->user_login    ));    return $Query;} else {    return false;}

Maybe it might be easier to just get all (SELECT * or SELECT a,b,c,d) of the user data and save it to session to use later?

Source: stackoverflow.com

Answered By: Lin Meyer

Method #2

In PHP, you can use parameterized queries to safely and effectively use dynamic column names with prepare(). Here's an example:

php
<?php

// define your dynamic column name
$column_name = "your_column_name";

// build your SQL query using parameterized placeholders for the column name and other values
$query = "SELECT * FROM your_table WHERE {$column_name} = ?";

// create a connection to your database
$pdo = new PDO('pgsql:host=your_host;dbname=your_database_name', 'your_username', 'your_password');

// prepare the query
$stmt = $pdo->prepare($query);

// bind the parameter to the query and execute it
$stmt->execute(['your_parameter_value']);

// fetch the results
$results = $stmt->fetchAll();

// close the statement and connection
$stmt->closeCursor();
$pdo = null;

?>

In this example, we first define our dynamic column name as $column_name. Then, we build our SQL query using parameterized placeholders (?) for the column name and any other values that will be passed as parameters. We then create a PDO connection to our database and prepare the query using $pdo->prepare(). Finally, we bind the parameter to the query using $stmt->execute() and fetch the results using $stmt->fetchAll(). Once we're done, we close the statement using $stmt->closeCursor() and close the connection by setting $pdo to null.

Comments

Post a Comment

Most Popular

Remove Unicode Zero Width Space PHP

✔ Recommended Answer This: $newBody = str_replace("&#8203;", "", $newBody); presumes the text is HTML entity encoded. This: $newBody = str_replace("\xE2\x80\x8C", "", $newBody); should work if the offending characters are not encoded, but matches the wrong character (0xe2808c). To match the same character as #8203; you need 0xe2808b: $newBody = str_replace("\xE2\x80\x8B", "", $newBody); Source: stackoverflow.com Answered By: Jef Method #2 To remove Unicode zero width space (ZWSP) from a string in PHP, you can use the str_replace() function to replace the ZWSP character with an empty string. Here's an example: php $str = "Hello&ZeroWidthSpace; World" ; // Contains ZWSP after "Hello" // Replace ZWSP with an empty string $str = str_replace ( "\u{200B}" , "" , $str ); echo $str ; // Outputs "Hello World" without ZWSP In this example, the str_replace() functi
Read more

PhpStorm, return value is expected to be 'A', 'object' returned

Image
✔ Recommended Answer Has to be because object can be ANY class instance, even B etc. You can annotate the create() method with generics PHPDoc to tell that the return type will be the same as the input parameter class string. It gives more context info to the IDE. /** * @template T * * @param string $class * @return T */ private function create(string $class) : object { return new $class(); } P.S. Instead of create('B'); better use create(B::class) . This way the IDE can track the usages of that class for refactoring/search purposes etc. Source: stackoverflow.com Answered By: LazyOne Method #2 This error message suggests that your code is expecting a value of type 'A' to be returned, but instead, the code is returning an object. This error can occur in PhpStorm, or any other PHP development environment. To resolve this error, you should check the function or method that is returning the object and ensure that it is returning
Read more

Laravel file upload returns forbidden 403, file permission is 700 not 755

✔ Recommended Answer The issue you are facing could be due to incorrect file permissions for the storage folder. Here are some steps to fix the problem: SSH into your cPanel server. Change the permission of the storage folder to 755: chmod -R 755 storage/ This command will change the permission of the storage folder and all its contents to 755, which should give the web server permission to read and write to the folder. Check the ownership of the storage folder. Ensure that the owner of the folder is the same as the user running the web server (typically www-data on Apache): ls -l This command will list the files and folders in the current directory along with their ownership and permission details. Make sure that the owner of the storage folder is the same as the user running the web server. If the ownership is incorrect, you can change it using the following command: chown -R www-data:www-data storage/ This command will change the ownership of the storage folder and all its conten
Read more