I don't think that you are using bind_param properly since you are excluding the $types argument, which must come first. However, these are used for parameters (e.g. the value for show = ?). You would not use parameters for parts of the query structure such as keywords. You have to concatenate the string to the query itself. If you are worried about security, do the concatenation explicitly, e.g.

    if ($way == 'ASC') {
        $query .= "ASC";
    }
    else {
        $query .= "DESC";
    }

bind_param will add quotes around the parameter making the query invalid (ORDER BY 'ASC').
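
Added example, not part of the original answer: the same allow-list idea extended to the sort column as well as the direction, with the `show` value still bound through `bind_param`. The `items` table, its column names, and the function names are hypothetical.

```php
<?php
// Added example: table, column and function names are hypothetical.

// Map of accepted request values to real column names. Anything a user
// sends is only ever used as a lookup key, never placed in the SQL text.
const SORT_COLUMNS = [
    'name'    => 'name',
    'created' => 'created_at',
];

function buildListQuery(string $sortBy, string $way): string
{
    // Identifiers and keywords cannot be bound as parameters, so they are
    // chosen from fixed strings; unknown input falls back to a default.
    $column    = SORT_COLUMNS[$sortBy] ?? 'name';
    $direction = (strtoupper($way) === 'DESC') ? 'DESC' : 'ASC';

    // `show` is a reserved word in MySQL, hence the backticks.
    return "SELECT id, name FROM items WHERE `show` = ? "
         . "ORDER BY `$column` $direction";
}

function fetchItems(mysqli $db, int $show, string $sortBy, string $way): array
{
    $stmt = $db->prepare(buildListQuery($sortBy, $way));
    $stmt->bind_param('i', $show);   // the $types string comes first
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed inputs: two expected values and one that is not on the list.
$samples = [
    ['name', 'ASC'],
    ['created', 'desc'],
    ['not_a_column', 'ASC, 1'],
];
foreach ($samples as [$sortBy, $way]) {
    echo buildListQuery($sortBy, $way), PHP_EOL;
}
```

The third sample produces the default `ORDER BY name ASC` query, because neither value matches an allow-list entry.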