我对
mysqli_stmt prepare函数有一个小问题.这是我的查询:
$params = array( "sisi","some_string",5000,"date_added DESC" ); $sql = "SELECT * FROM scenes WHERE scene_title LIKE ? AND scene_id > ? ORDER BY ? LIMIT ?";
现在当我将params绑定到这样的数组时(我有一个有效的MysqLi_stmt对象实例化):
call_user_func_array(array($this->MysqL_stmt,'bind_param'),$params);
订单没有绑定.我在PHP.net上阅读(http://ca3.php.net/manual/en/mysqli.prepare.php)
The markers are legal only in certain
places in sql statements. For example,
they are allowed in the VALUES() list
of an INSERT statement (to specify
column values for a row),or in a
comparison with a column in a WHERE
clause to specify a comparison value.However,they are not allowed for
identifiers (such as table or column
names),in the select list that names
the columns to be returned by a SELECT
statement,or to specify both operands
of a binary operator such as the =
equal sign.
有没有办法绕过这个或者我将不得不使用MysqL_real_escape_char()作为ORDER BY子句?