I am having a small issue with the mysqli_stmt prepare function. Here is my query:
$params = array(
"sisi",
"some_string",
5000,
"date_added DESC"
);
$sql = "SELECT *
FROM scenes
WHERE scene_title LIKE ?
AND scene_id > ?
ORDER BY ?
LIMIT ?";
Now when i bind the params to the array like this (i have a valid mysqli_stmt object instantiated):
call_user_func_array(array($this->mysql_stmt, 'bind_param'), $params);
The order by is not binded. I read on php.net (http://ca3.php.net/manual/en/mysqli.prepare.php)
The markers are legal only in certain
places in SQL statements. For example,
they are allowed in the VALUES() list
of an INSERT statement (to specify
column values for a row), or in a
comparison with a column in a WHERE
clause to specify a comparison value.
However, they are not allowed for
identifiers (such as table or column
names), in the select list that names
the columns to be returned by a SELECT
statement, or to specify both operands
of a binary operator such as the =
equal sign.
Is there a way around this or am i going to have to use mysql_real_escape_char() for the ORDER BY clause?
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
