$params = array( "sisi","some_string",5000,"date_added DESC" ); $sql = "SELECT * FROM scenes WHERE scene_title LIKE ? AND scene_id > ? ORDER BY ? LIMIT ?";
现在当我将params绑定到这样的数组时(我有一个有效的MysqLi_stmt对象实例化):
call_user_func_array(array($this->MysqL_stmt,'bind_param'),$params);
订单没有绑定.我在PHP.net上阅读(http://ca3.php.net/manual/en/mysqli.prepare.php)
The markers are legal only in certain
places in sql statements. For example,
they are allowed in the VALUES() list
of an INSERT statement (to specify
column values for a row),or in a
comparison with a column in a WHERE
clause to specify a comparison value.However,they are not allowed for
identifiers (such as table or column
names),in the select list that names
the columns to be returned by a SELECT
statement,or to specify both operands
of a binary operator such as the =
equal sign.
有没有办法绕过这个或者我将不得不使用MysqL_real_escape_char()作为ORDER BY子句?
原文地址:https://www.jb51.cc/php/138779.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。