PDO fetchAll() returns an empty array

Question

in my code im trying to get data from my db with PDO and bind params but i keep on getting empty array, this is my code :

try{
    $pdo =new PDO('mysql:host=localhost;dbname=***', '***','***');
    $pdo->setAttribute(pdo::ATTR_ERRMODE,
                  pdo:: ERRMODE_EXCEPTION);
    $pdo->query('set names "utf8"');
}
catch (PDOException $e) {
   die('error connectin database');
}
$table = 'products';
$column = 'id';
$niddle = '70';
$sql = "SELECT * FROM `{$table}` WHERE ";
$sql .= ":column LIKE :niddle";
$pre = $pdo->prepare($sql);
$pre->bindParam(':column', $column ,PDO::PARAM_STR);
$pre->bindParam(':niddle', $niddle, PDO::PARAM_STR);
$result = $pre->setFetchMode(PDO::FETCH_ASSOC);
$pre->execute();
print_r($pre->fetchAll());

there is no exeption thrown, what could be the problem?

Duplicate of Can I use a PDO prepared statement to bind an identifier (a table or field name) or a syntax keyword? — Your Common Sense
– Your Common Sense, Commented Apr 27, 2013 at 13:01
I guess the $column would be surrounded by quotes like "id" which is unnecessary. Are you sure the $needle returns the String ? — user1376704
– user1376704, Commented Apr 27, 2013 at 14:30

Ray · Accepted Answer · 2013-04-27 13:03:14Z

1

You should not bind the column name as a prepared statement parameter string as it will quote the column name. Do like you do with the table name just use it-- after whitelisting it.

answered Apr 27, 2013 at 13:03

Ray

41.6k22 gold badges110 silver badges143 bronze badges

Sign up to request clarification or add additional context in comments.

Collectives™ on Stack Overflow

PDO fetchAll() returns an empty array

1 Answer 1

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related