开发者

Mysqli Prepare Statements + Binding Order BY

I am having a small issue with the mysqli_stmt prepare function. Here is my query:

$params = array(
    "sisi",
    "some_string",
    5000,
    "date_added DESC"
);

$sql = "SELECT *
        FROM scenes
    开发者_Go百科    WHERE scene_title LIKE ?
        AND scene_id > ?
        ORDER BY ?
        LIMIT ?";

Now when i bind the params to the array like this (i have a valid mysqli_stmt object instantiated):

call_user_func_array(array($this->mysql_stmt, 'bind_param'), $params);

The order by is not binded. I read on php.net (http://ca3.php.net/manual/en/mysqli.prepare.php)

The markers are legal only in certain places in SQL statements. For example, they are allowed in the VALUES() list of an INSERT statement (to specify column values for a row), or in a comparison with a column in a WHERE clause to specify a comparison value.

However, they are not allowed for identifiers (such as table or column names), in the select list that names the columns to be returned by a SELECT statement, or to specify both operands of a binary operator such as the = equal sign.

Is there a way around this or am i going to have to use mysql_real_escape_char() for the ORDER BY clause?


As the php.net link you found states, you cannot use bind variables for identifiers. You'll need a workaround. mysql_real_escape_char would certainly be one way.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜