@igor_g I already know that setting it that way works, but there is no binding there and it is more like direct SQL, not a prepared statement.

Even if I use

$mygive = $con->prepare("SELECT * FROM givetable WHERE ip = ?");
$mygive->bind_param('s', $givevalue);

This code works, but it left the WHERE clause vulnerable to SQL injection since it was not bound. So I want to bind both the WHERE and its value.

I know that having something like this: WHERE ? = ?

makes it look like an equal-to, which is wrong, so what should I do to bind it properly?
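
Added example, not part of the original post: placeholders in a prepared statement can stand only for values, not for column or table names, so a column chosen at run time is checked against a fixed allowlist and only the value is bound. The `username` and `email` columns and both function names are assumptions; `givetable`, `ip` and `$con` come from the post.

```php
<?php
// Allowlist of searchable columns. Only `ip` appears in the post;
// `username` and `email` are hypothetical additions for illustration.
const GIVETABLE_COLUMNS = ['ip', 'username', 'email'];

/**
 * Build the SELECT with the column name taken from the allowlist.
 * A "?" placeholder is always treated as a value, so "WHERE ? = ?" would
 * compare two strings. The identifier is therefore validated and written
 * into the SQL text, while the value stays a placeholder.
 */
function build_lookup_sql(string $column): string
{
    if (!in_array($column, GIVETABLE_COLUMNS, true)) {
        throw new InvalidArgumentException("Column not allowed: $column");
    }
    return "SELECT * FROM givetable WHERE `$column` = ?";
}

/** Run the lookup on an existing mysqli connection ($con as in the post). */
function find_rows(mysqli $con, string $column, string $value): array
{
    $stmt = $con->prepare(build_lookup_sql($column));
    $stmt->bind_param('s', $value);   // the value is bound, never concatenated
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Constructed inputs: one allowed column and one string that is not a
// column name at all. This part runs without a database connection.
foreach (['ip', 'no_such_column OR 1=1'] as $candidate) {
    try {
        echo build_lookup_sql($candidate), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

With a live connection, `find_rows($con, 'ip', $givevalue)` returns the matching rows as associative arrays.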