无论我如何重构路由,我都会从函数中得到这个错误:(2/2)QueryException SQLSTATE [HY000]:一般错误:1接近“?”:语法错误(SQL:select * from product order by manufacturer asc )。
我使用的代码如下:
function get_sort($type,$sort){
$sql = "select * from product order by ? ?";
$products = DB::select($sql,array($type,$sort));
return $products;
}
您无法在预准备语句中绑定关键字和列。最好使用某种白名单。
$columns = ['id', 'name', 'price'];
$type = in_array($type, $columns) ? $type : 'name';
$sort = $sort === 'DESC' ? 'DESC' : 'ASC';
$sql = "select * from product order by $type $sort";