php – Mysqli准备语句绑定顺序BY

前端之家收集整理的这篇文章主要介绍了php – Mysqli准备语句绑定顺序BY前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我对 mysqli_stmt prepare函数有一个小问题.这是我的查询
$params = array(
    "sisi","some_string",5000,"date_added DESC"
);

$sql = "SELECT *
        FROM scenes
        WHERE scene_title LIKE ?
        AND scene_id > ?
        ORDER BY ?
        LIMIT ?";

现在当我将params绑定到这样的数组时(我有一个有效的MysqLi_stmt对象实例化):

call_user_func_array(array($this->MysqL_stmt,'bind_param'),$params);

订单没有绑定.我在PHP.net上阅读(http://ca3.php.net/manual/en/mysqli.prepare.php)

The markers are legal only in certain
places in sql statements. For example,
they are allowed in the VALUES() list
of an INSERT statement (to specify
column values for a row),or in a
comparison with a column in a WHERE
clause to specify a comparison value.

However,they are not allowed for
identifiers (such as table or column
names),in the select list that names
the columns to be returned by a SELECT
statement,or to specify both operands
of a binary operator such as the =
equal sign.

有没有办法绕过这个或者我将不得不使用MysqL_real_escape_char()作为ORDER BY子句?

由于您找到了PHP.net链接状态,因此不能将绑定变量用于标识符.你需要一个解决方法. MysqL_real_escape_char肯定是单向的.

猜你在找的PHP相关文章