
Now I was able to learn from someone's comment here on Stack Overflow that PDO doesn't work with non-assigned parameters, but now that I need it I can't find that comment anymore. This is what I mean:

        $sql = "SELECT * FROM posts ORDER BY id DESC LIMIT $start, $limit";
        $stmt = $con->prepare($sql);
        $stmt->execute();

Now I am trying to re-write this query statement in proper PDO. $start and $limit are variables whose data are sent from an AJAX script. It's supposed to limit the fetch result in an infinite scroll PHP script. But I'm well aware of MySQL injections, so if someone is able to manipulate my JavaScript code and send ";DELETE * FROM posts instead of a number it'll be catastrophic. So I've been trolling the Internet looking for a solution. A proper PDO version should be

        $sql = "SELECT * FROM posts ORDER BY id DESC LIMIT :Start, :Limit";

OR

        $sql = "SELECT * FROM posts ORDER BY id DESC LIMIT ?, ?";

But for some reasons they won't work. Any help will be appreciated. Thanks in Advance!

Feshibaba

0 Answers
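The approach the question is reaching for, as an added example that is not from the asker: validate the two values as integers, then bind them with PDO::PARAM_INT so the driver emits bare numbers rather than quoted strings in the LIMIT clause. An in-memory SQLite database stands in for the MySQL `posts` table so the example runs offline; the binding code is the same for MySQL.

```php
<?php
// Added example. Assumption: SQLite in-memory database in place of MySQL.

function fetchPage(PDO $con, $start, $limit): array
{
    // Accept only non-negative integers (and cap the page size). Anything
    // else, such as a string carrying SQL, is rejected before the query.
    $start = filter_var($start, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $limit = filter_var($limit, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 100]]);
    if ($start === false || $limit === false) {
        throw new InvalidArgumentException('start and limit must be non-negative integers');
    }

    // Bound with PDO::PARAM_INT: with the default string type and emulated
    // prepares, PDO would render LIMIT '5', '5', which MySQL rejects.
    $stmt = $con->prepare('SELECT * FROM posts ORDER BY id DESC LIMIT :start, :limit');
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// For MySQL, also send values natively instead of interpolating them client-side:
// $con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$con->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$insert = $con->prepare('INSERT INTO posts (title) VALUES (?)');
for ($i = 1; $i <= 12; $i++) {
    $insert->execute(["post $i"]);
}

// Second page of five, as the AJAX script would request it: ids 7 down to 3.
print_r(array_column(fetchPage($con, '5', '5'), 'id'));

// The payload the question worries about never reaches the database.
try {
    fetchPage($con, '0', ';DELETE * FROM posts');
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}
```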