PDO bindValue problem

spamyboy

function update_user($user_id, $array) {
		$result	= $this->db->prepare("UPDATE `gcms_user`
									 SET ?=?
									 WHERE `user_id`=?;");
			$result->bindValue(3,	$user_id,	PDO::PARAM_INT);
		foreach ($array as $key=>$value) {
			$result->bindValue(1,	$key,		PDO::PARAM_STR); // Problem here
			$result->bindValue(2,	$value,		PDO::PARAM_STR);
			$result->execute();
		}
	}

Problem is basic. Query is generated like "UPDATE gcms_user SET 'key_or_1_var'='value_or_2_var' WHERE user_id='#id#';"
So basically key_or_1_var is taken as variable since it is with '' and how to change that to ``?

laserlight

I believe the binding is only to values, not column names, so what you are asking for is not possible. I reason that this is so because the choice of a different column could change the way the query should be evaluated, thus the statement must be prepared again.

Weedpacket

Doing multiple UPDATE statements when just one would to is extremely wasteful anyway.
Build the statement first (making an array $keys containing "$key=?" for each $key in array_keys($array)) and using "... SET ".join(',', $keys)." WHERE...") then prepare that and bind all of the values to it.