Need Help with Parameter Binding


David Tan

Feb 28, 2018, 1:23:37 PM
to redbeanphp
Hi All,

Can someone please enlighten me how to use parameter binding correctly with the following scenario?

RedBean works fine when I simply pass PHP variables directly as part of the query:
$results = R::find("merchant_product", "title like '%$val%' order by title LIMIT " . ($page-1)*$limit . ",$limit");

Since it's not safe to do so (due to SQL injection), I tried parameter binding:
$results = R::find("merchant_product", "title like ? order by title LIMIT ?,?",array('%'.$val.'%',(($page-1)*$limit),$limit));

But it's failing with error message:
RedBeanPHP\RedException\SQL: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''25' -- keep-cache' at line 1 in C:\wamp\www\topbestpriceuk\compare\lib\rb.php on line 735

* note that $limit is 25 in this case

Your help appreciated, thanks!
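The error text shows the LIMIT value arriving as the quoted string '25', which MySQL rejects. An added example (not code from the post or from RedBeanPHP itself) that binds only the search term and places integer-cast LIMIT values in the SQL; it assumes rb.php is loaded with R::setup() already called and uses the merchant_product table and $val/$page/$limit names from the question:

```php
<?php
// Added example, not from the original post. Assumes RedBeanPHP's rb.php
// is loaded and R::setup() has already been called.
require_once 'rb.php';

function findMerchantProducts(string $val, $page, $limit): array
{
    // MySQL requires literal integers after LIMIT. A bound parameter is sent
    // as a quoted string ('25'), which is the 1064 error in the question.
    // Casting to int and clamping makes the values safe to interpolate:
    // an integer cannot carry quotes, comments or other injection payloads.
    $limit  = max(1, min(100, (int) $limit));
    $page   = max(1, (int) $page);
    $offset = ($page - 1) * $limit;

    // Escape LIKE metacharacters (\, %, _) so a user cannot turn the term
    // into a wildcard that matches every row, then add the contains-search %.
    $pattern = '%' . addcslashes($val, '\\%_') . '%';

    // Only the search term is user-controlled text, and it is bound, so
    // quotes or "--" sequences in $val never reach the SQL parser.
    $sql = "title LIKE ? ORDER BY title LIMIT $offset, $limit";

    return R::find('merchant_product', $sql, [$pattern]);
}

// Constructed usage: page and search term from the request, 25 rows per page.
$results = findMerchantProducts($_GET['q'] ?? '', $_GET['page'] ?? 1, 25);
foreach ($results as $bean) {
    echo $bean->title, PHP_EOL;
}
```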