I have a little problem with mysqli_stmt prepare function. Here is my request:
$params = array( "sisi", "some_string", 5000, "date_added DESC" );
$sql = "SELECT * FROM scenes WHERE scene_title LIKE ? AND scene_id > ? ORDER BY ? LIMIT ?";
Now, when I bind params to an array like this (I have a valid mysqli_stmt object instantiated):
call_user_func_array(array($this->mysql_stmt, 'bind_param'), $params);
The ORDER BY is not bound. I read on php.net ( http://ca3.php.net/manual/en/mysqli.prepare.php ):
Markers are legal only in certain places in SQL statements. For example, they are allowed in the VALUES () list of the INSERT statement (to specify column values for a row) or in comparison with a column in WHERE to indicate a comparison value.
However, they are not allowed for identifiers (such as table or column names), in a select list that contains column names returned by SELECT, or to specify both operands of a binary operator such as the = equal sign.
Is there a way around this, or will I have to use mysql_real_escape_char() for an ORDER BY clause?
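An added example, not part of the original question: because markers cannot stand in for identifiers, the ORDER BY column is picked from a fixed allow-list while the three values stay bound. The `SORTABLE` map, its keys and the function names are assumptions; the table and column names come from the question.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: request sort key => real column in `scenes`.
// Column names are taken from the question; the keys are assumptions.
const SORTABLE = [
    'added' => 'date_added',
    'title' => 'scene_title',
    'id'    => 'scene_id',
];

/**
 * Build the query text. ORDER BY gets an identifier chosen from the
 * allow-list; everything that is a value stays a `?` marker.
 */
function buildSceneQuery(string $sortKey, string $direction): string
{
    if (!array_key_exists($sortKey, SORTABLE)) {
        throw new InvalidArgumentException("Unsupported sort key: $sortKey");
    }
    // Direction is a keyword, not a value, so it is also picked, never copied.
    $dir = strtoupper($direction) === 'ASC' ? 'ASC' : 'DESC';

    return 'SELECT * FROM scenes WHERE scene_title LIKE ? AND scene_id > ? '
         . 'ORDER BY `' . SORTABLE[$sortKey] . '` ' . $dir . ' LIMIT ?';
}

/** Run the query; only the three values are bound (types: s, i, i). */
function findScenes(mysqli $db, string $title, int $minId, int $limit,
                    string $sortKey, string $direction): array
{
    $stmt = $db->prepare(buildSceneQuery($sortKey, $direction));
    $stmt->bind_param('sii', $title, $minId, $limit);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed inputs: a valid key, then the raw string from the question,
// which is not an allow-list key and is therefore refused.
echo buildSceneQuery('added', 'desc'), PHP_EOL;
try {
    buildSceneQuery('date_added DESC', 'desc');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The top-level demo only builds the SQL text, so it runs without a database; `findScenes()` needs a live `mysqli` connection with the mysqlnd driver for `get_result()`.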