[RESOLVED] Prepared Statement Error

[Fooglmog]

I'm trying to use prepared statements to retrieve user information from my DB. I want to be able to retrieve this information based one one of multiple columns (id, user_name, activation_token). But, I'm running into an error when I try to define which column to use. Here's the code:

PHP Code:

//Retrieve complete user information by username, token or ID
function fetchUserDetails($username=NULL,$token=NULL, $id=NULL)
{
    global $mysqli,$db_table_prefix; 
    $stmt = $mysqli->prepare("SELECT 
        id,
        user_name,
        display_name,
        password,
        email,
        activation_token,
        last_activation_request,
        lost_password_request,
        active,
        title,
        sign_up_stamp,
        last_sign_in_stamp
        FROM ".$db_table_prefix."users
        WHERE
        ? = ?
        LIMIT 1");
    if($username!=NULL) {
        $stmt->bind_param("ss", "user_name", $username);
    }
    elseif($token!=NULL) {
        $column = "activation_token";
        $stmt->bind_param("ss", $column, $token);
    }
    elseif($id!=NULL) {
        $column = "id";
        $stmt->bind_param("ss", $column, $id);
    }
    
    $stmt->execute();
    $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
    while ($stmt->fetch()){
        $row = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
    }
    $stmt->close();
    return ($row);
} 


As you can see, I'm trying two different methods here. In username, trying to bind the first parameter as a string. When I do this, I get the error:

Fatal error: Cannot pass parameter 2 by reference

In the second case, I'm assigning the column name "activation_token" to a variable, and then using that variable to bind the first paramete. When I do this, I get the error:

Notice: Undefined variable: row

As if there's no information in the DB with the token I'm defining, so it couldn't retrieve it... but there definitely is data there.

Any help would be appreciated

[bradgrafelman]

You can't use bound parameters to define column names (or any other identifier) - only values.

[Fooglmog]

Oh, well that explains it.

And as soon as you say that, I wonder why I was trying to instead of putting those if statements above the prepare, and defining the variables up there. It's not like the column is user defined...

Thanks. I couldn't see the forest for the trees.