MySQLi prepare result not as expected

Question

I am trying to retrieve one result from my database table 'members' using a prepared call.

$favid = 1;
$type = "favdeal";
$action = 1;
$user_id = 1;

$stmt = $mysqli->prepare("SELECT ? FROM members WHERE id=?");
$stmt->bind_param('ss', $type, $user_id);
$stmt->execute();
$stmt->bind_result($favs);
while ($stmt->fetch()) {
    print($favs);
}
$stmt->close();

This is the only way i managed to get any kind of result.

The table has a column called 'favdeal' which has a value of '2' in it. The result printed returns the name of the column not the value.

So my question is how do i get the value '2' instead of the name of the column?

Answer 1

You can't bind columns (or tables) from doing a SELECT as you have in SELECT ?.

• Select an actual column.

Or, if you want to do it dynamically, you need to use a variable.

Example: SELECT $type <= that is allowed.

However, column names can be binded when using a WHERE clause.

Example: SELECT column FROM table WHERE column=?
which you are presently using => WHERE id=?

Consult the manual on bind_param()

• http://www.php.net/manual/en/mysqli-stmt.bind-param.php

---

Footnotes:

If you happen to use an MySQL reserved word (it could happen), you will need to wrap your column's variable with backticks.

For example: (if using $type="from";) "from" being a reserved word.

SELECT `$type` FROM members WHERE id=?

For a list of MySQL reserved words, visit the following page:

• http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html