Mysqli Prepare Statements + Binding Order BY
I am having a small issue with the mysqli_stmt prepare function. Here is my query:
$params = array(
"sisi",
"some_string",
5000,
"date_added DESC"
);
$sql = "SELECT *
FROM scenes
开发者_Go百科 WHERE scene_title LIKE ?
AND scene_id > ?
ORDER BY ?
LIMIT ?";
Now when i bind the params to the array like this (i have a valid mysqli_stmt object instantiated):
call_user_func_array(array($this->mysql_stmt, 'bind_param'), $params);
The order by is not binded. I read on php.net (http://ca3.php.net/manual/en/mysqli.prepare.php)
The markers are legal only in certain places in SQL statements. For example, they are allowed in the VALUES() list of an INSERT statement (to specify column values for a row), or in a comparison with a column in a WHERE clause to specify a comparison value.
However, they are not allowed for identifiers (such as table or column names), in the select list that names the columns to be returned by a SELECT statement, or to specify both operands of a binary operator such as the = equal sign.
Is there a way around this or am i going to have to use mysql_real_escape_char() for the ORDER BY clause?
As the php.net link you found states, you cannot use bind variables for identifiers. You'll need a workaround. mysql_real_escape_char
would certainly be one way.
精彩评论