gpt4 book ai didi

php - Mysqli 准备语句 + 绑定(bind) Order BY

转载 作者:可可西里 更新时间:2023-10-31 23:50:27 25 4
gpt4 key购买 nike

mysqli_stmt prepare 函数有一个小问题。这是我的查询:

$params = array(
"sisi",
"some_string",
5000,
"date_added DESC"
);

$sql = "SELECT *
FROM scenes
WHERE scene_title LIKE ?
AND scene_id > ?
ORDER BY ?
LIMIT ?";

现在,当我像这样将参数绑定(bind)到数组时(我实例化了一个有效的 mysqli_stmt 对象):

call_user_func_array(array($this->mysql_stmt, 'bind_param'), $params);

订单不受约束。我在 php.net ( http://ca3.php.net/manual/en/mysqli.prepare.php ) 上阅读

The markers are legal only in certain places in SQL statements. For example, they are allowed in the VALUES() list of an INSERT statement (to specify column values for a row), or in a comparison with a column in a WHERE clause to specify a comparison value.

However, they are not allowed for identifiers (such as table or column names), in the select list that names the columns to be returned by a SELECT statement, or to specify both operands of a binary operator such as the = equal sign.

有没有办法解决这个问题,或者我是否必须对 ORDER BY 子句使用 mysql_real_escape_char()?

最佳答案

正如您找到的 php.net 链接所述,您不能将绑定(bind)变量用作标识符。你需要一个解决方法。 mysql_real_escape_char 肯定是一种方式。

关于php - Mysqli 准备语句 + 绑定(bind) Order BY,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/4741845/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com