Hi All,
Can someone please enlighten me on how to use parameter binding correctly in the following scenario?
RedBean works fine when I simply pass PHP variables directly as part of the query:
$results = R::find("merchant_product", "title like '%$val%' order by title LIMIT " . ($page-1)*$limit . ",$limit");
Since it's not safe to do so (due to SQL injection), I tried parameter binding:
$results = R::find("merchant_product", "title like ? order by title LIMIT ?,?",array('%'.$val.'%',(($page-1)*$limit),$limit));
But it's failing with error message:
RedBeanPHP\RedException\SQL: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''25' -- keep-cache' at line 1 in C:\wamp\www\topbestpriceuk\compare\lib\rb.php on line 735
* Note that $limit is 25 in this case.
Your help is appreciated, thanks!
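
An added example, not part of the original post and not RedBeanPHP code: the error text shows the limit reaching MySQL quoted ('25'), which is what a LIMIT placeholder bound as a string produces. The sketch below uses plain PDO on an in-memory SQLite table with constructed rows; pageWindow, likePattern and findProducts are hypothetical helpers, and only the table and column names come from the post.

```php
<?php
// Added example: plain PDO with constructed sample data (SQLite in memory).
// Table and column names follow the post; everything else is assumed.

function pageWindow($page, $limit, $maxLimit = 100): array
{
    // Force real integers and clamp them; request values arrive as strings.
    $limit = max(1, min((int) $limit, $maxLimit));
    $page  = max(1, (int) $page);
    return [($page - 1) * $limit, $limit];
}

function likePattern(string $val): string
{
    // Escape LIKE metacharacters with '!' so user input matches literally.
    return '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $val) . '%';
}

function findProducts(PDO $pdo, string $val, $page, $limit): array
{
    [$offset, $count] = pageWindow($page, $limit);
    $stmt = $pdo->prepare(
        "SELECT title FROM merchant_product
         WHERE title LIKE :pat ESCAPE '!'
         ORDER BY title LIMIT :off, :cnt"
    );
    $stmt->bindValue(':pat', likePattern($val), PDO::PARAM_STR);
    // PARAM_INT keeps the driver from quoting these as '0','25'.
    $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
    $stmt->bindValue(':cnt', $count, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE merchant_product (id INTEGER PRIMARY KEY, title TEXT)');
$ins = $pdo->prepare('INSERT INTO merchant_product (title) VALUES (?)');
foreach (['Red kettle', 'Kettle 100%', 'Blue kettle', 'Toaster'] as $t) {
    $ins->execute([$t]);   // constructed rows
}

print_r(findProducts($pdo, 'kettle', '1', '25')); // page/limit as strings, like $_GET
print_r(findProducts($pdo, '100%', 1, 25));       // '%' in the input is matched literally
```

With RedBeanPHP the corresponding step would be to pass integer-typed values, for example (int) casts, for the two LIMIT parameters; that the version in the post then binds them as integers is an assumption to check against its binding code.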