Passing an operator as a parameter to odbc_execute()

I am taking my first tentative steps into prepared statements (and falling flat on my face).

Previously, I built the following fro开发者_JS百科m $_GET and echoed it back - the code was working fine and it returned what I expected from my simple test database.

SELECT * FROM edit_box WHERE (tag="9") AND (text="mango") ORDER BY time_stamp DESC

and when I try to code it using a prepared statement, even if I don't use $_GET but just hard-code the values from the previous, my code looks like this

$odbc_query = OdbcPrepare('SELECT * FROM edit_box WHERE (tag="?")' .
                          ' AND (text ? "?") ORDER BY time_stamp DESC');
           
$odbcResult = odbc_exec($odbc_query, array('9',  '=', 'mango'));  
var_dump($odbcResult);

I get NULL.

Obviously a beginner mistake, but I stare at it and still don't say d'oh!

What am I doing wrong?

---

You cannot do this --

AND (text ? "?")

Parameters, like this, can usually only be passed for actual values - and in some cases identifiers...

To do what you want you need to interpolate the '=' inline into the SQL statement...

Kind of, like this --

$logical_operator = '=';

$sql = SELECT * FROM edit_box WHERE (tag=\"?\") AND (text $logical_operator \"?\") ORDER BY time_stamp DESC');

$odbc_query = OdbcPrepare($sql);

$odbcResult = odbc_exec($odbc_query, array('9', 'mango'));