The Note You're Voting On
logos-php at kith dot org ¶ 13 years ago
Note that if you're using a question mark as a placeholder for a string value, you don't surround it with quotation marks in the MySQL query.
For example, do this:
mysqli_stmt_prepare($stmt, "SELECT * FROM foo WHERE foo.Date > ?");
Do not do this:
mysqli_stmt_prepare($stmt, "SELECT * FROM foo WHERE foo.Date > '?'");
If you put quotation marks around a question mark in the query, then PHP doesn't recognize the question mark as a placeholder, and then when you try to use mysqli_stmt_bind_param(), it gives an error to the effect that you have the wrong number of parameters.
The lack of quotation marks around a string placeholder is implicit in the official example on this page, but it's not explicitly stated in the docs, and I had trouble figuring it out, so figured it was worth posting.