CodeIgniter不支持准备语句。如果你看看CI的Database类的源代码，你会看到他们解决绑定简单地用传递数组中的数据替换问号：

CodeIgniter does not support Prepared Statements. If you look at the sourcecode for CI's Database class, you will see that they resolve bindings simply by replacing the question marks with the data from the passed array:

• https://github.com/EllisLab/CodeIgniter/blob/ development / system / database / DB_driver.php＃L874

• https://github.com/EllisLab/CodeIgniter/blob/develop/system/database/DB_driver.php#L874

它们仅支持使用未命名占位符的查询绑定。请参见 http://ellislab.com/codeigniter/user-guide/database/queries.html

They only support Query Binding with unnamed placeholders. See http://ellislab.com/codeigniter/user-guide/database/queries.html

查询绑定

Query Bindings

绑定可让您简化查询语法，系统将查询集中在一起。考虑下面的例子：

Bindings enable you to simplify your query syntax by letting the system put the queries together for you. Consider the following example:

$sql = "SELECT * FROM some_table WHERE id = ? AND status = ? AND author = ?";
$this->db->query($sql, array(3, 'live', 'Rick'));

查询中的问号会自动替换为数组中第二个参数中的值查询功能。

The question marks in the query are automatically replaced with the values in the array in the second parameter of the query function.

和 http://ellislab.com/forums/viewthread/105112/#528915

虽然CI不支持准备语句，它支持查询绑定。使用预准备语句，你必须调用一些类型的prepare（）函数，然后调用某种类型的execute（）函数。使用查询绑定，你只需要调用一个函数，它基本上做同样的事情。因此，我喜欢查询绑定比预准备语句更好。

Even though CI doesn’t support prepared statements, it does support Query Bindings. With prepared statements you have to call some type of prepare() function and then some type of execute() function. With query bindings, you only have to call one function and it basically does the same thing. Because of this, I like query bindings better than prepared statements.

在sidenote上，将？更改为： foo 只是从未命名绑定到命名绑定（其中CI显然不支持任何绑定）。只是因为你使用或不意味着你准备的语句。​​

On a sidenote, changing ? to :foo is merely changing from unnamed to named bindings (which CI apparently does not support either). Just because you use either or doesn't mean you are preparing the statements.