Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/14156421/

Time: 2020-08-25 06:46:08  Source: igfitidea

How can I Use Prepared Statements in CodeIgniter

php mysql codeigniter prepared-statement

Asked by Pramod

Hi all, I need to use Prepared Statements in my site. I tried to use this:

$sql = "SELECT * FROM tbl_user WHERE uid=:id and activation_key=:key";
$query = $this->db->query( 
    $sql, 
    array( ':id' => $uid ,':key' => $activation_key)
);

but this is not working. When I change :id and :key to ? it's working.

Answered by Gordon

CodeIgniter does not support Prepared Statements. If you look at the source code for CI's Database class, you will see that they resolve bindings simply by replacing the question marks with the data from the passed array:

They only support Query Binding with unnamed placeholders. See http://ellislab.com/codeigniter/user-guide/database/queries.html

Query Bindings

Bindings enable you to simplify your query syntax by letting the system put the queries together for you. Consider the following example:

$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
$this->db->query($sql, array(3, 'live', 'Rick'));

The question marks in the query are automatically replaced with the values in the array in the second parameter of the query function.

and http://ellislab.com/forums/viewthread/105112/#528915

Even though CI doesn't support prepared statements, it does support Query Bindings. With prepared statements you have to call some type of prepare() function and then some type of execute() function. With query bindings, you only have to call one function and it basically does the same thing. Because of this, I like query bindings better than prepared statements.

On a side note, changing ? to :foo is merely changing from unnamed to named bindings (which CI apparently does not support either). Just because you use either or doesn't mean you are preparing the statements.

Answered by Antony

I came across this question as I faced a similar issue. The answer is correct that CI doesn't support prepared statements. However, it doesn't mean that you can't use prepared statements!

In the following example I am using PDO as my connection class but the following code will work:

$q = $this->db->conn_id->prepare('SELECT * FROM tbl_user WHERE uid=? and activation_key=?');
$q->execute(array($param1,$param2));
print_r($q->fetchAll());

Note the conn_id is the PDO object against which you can run your prepared statements.

What this won't allow, however, is for you to get the query string which the native CI functions allow. You will need something like Get Last Executed Query in PHP PDO for that.

Furthermore, however, this doesn't stop you using the Query Builder to build your statements, which you can then use in the PDO prepare. For example -

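$db = $this->db; // alias for CodeIgniter's query builder
// Passing false as the third argument stops CI from escaping the "?" placeholder.
$db->where('uid = ?', null, false);
$db->where('activation_key = ?', null, false);
// Compile the SELECT and hand the resulting SQL string to PDO to prepare.
$q = $this->db->conn_id->prepare($db->get_compiled_select('tbl_user'));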

Would build the query and would allow you to see the basic query if you output $db->get_compiled_select('tbl_user');
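
The named-placeholder form the question asked for, run against a plain PDO handle of the kind the conn_id answer above uses. This is an added example, not part of the original question or answers; the in-memory SQLite database, the sample row and the find_user helper are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// With CodeIgniter's PDO driver, the answer above takes this handle from
// $this->db->conn_id. An in-memory SQLite PDO stands in for it here
// (assumption) so the script runs on its own.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Note for MySQL: PDO emulates prepares client-side by default there;
// PDO::ATTR_EMULATE_PREPARES must be false for a server-side prepare.

// Constructed sample table and row.
$pdo->exec('CREATE TABLE tbl_user (uid INTEGER PRIMARY KEY, activation_key TEXT)');
$pdo->exec("INSERT INTO tbl_user (uid, activation_key) VALUES (7, 'k3y-constructed')");

/**
 * Hypothetical helper: look up a user by id and activation key using
 * named placeholders (:id, :key), which PDO supports natively.
 */
function find_user(PDO $pdo, int $uid, string $key): ?array
{
    $stmt = $pdo->prepare(
        'SELECT uid FROM tbl_user WHERE uid = :id AND activation_key = :key'
    );
    // Values travel separately from the SQL text and are typed explicitly.
    $stmt->bindValue(':id', $uid, PDO::PARAM_INT);
    $stmt->bindValue(':key', $key, PDO::PARAM_STR);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Matching key: the row is found.
var_dump(find_user($pdo, 7, 'k3y-constructed') !== null);

// A key containing quote characters is compared as a literal string,
// so it can only match a row whose activation_key is exactly that text.
var_dump(find_user($pdo, 7, "x' OR '1'='1") !== null);
```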
