I don't think you can:

- Use placeholders in an order by clause
- Bind column names: you can only bind values -- or variables, and have their value injected in the prepared statement.
If I'm not entirely mistaken, Pascal is right. The only binding possible in PDO is the binding of values, as you did with the ':my_param' parameter. However, there's no harm done in:

    // $order and $direction are concatenated into the SQL text; only :my_param is bound
    $stmt = $db->prepare("SELECT field from table WHERE column = :my_param ORDER BY " . $order . " " . $direction);
    $stmt->bindParam(':my_param', $is_live, PDO::PARAM_STR);
    $stmt->execute();

The only thing to take notice of would be the correct escaping of $order and $direction, but since you set them manually and didn't set them via user input, I think you're all set.
I don't think you can get ASC/DESC as part of the prepared statement, but the column you can.

    order by
      case :order
        when 'colFoo' then colFoo
        when 'colBar' then colBar
        else colDefault
      end
      $direction

Since ASC/DESC are only two possible values, you can easily validate and select between them as hardcoded values. You could also make use of the ELT(FIELD(,,,,,),,,,,) functions for this, but then ordering will always be done as a string, even if it's a numeric column.
Here comes the question that shows that widely loved prepared statements are not a silver bullet, hehe :)

Yes, you're stuck inserting it directly in the SQL. With some precautions, of course. Every operator/identifier must be hardcoded in your script, like this:

    $orders = array("name", "price", "qty");
    // array_search() returns false for an unknown value, and $orders[false]
    // resolves to $orders[0], so an unexpected sort falls back to "name"
    $key = array_search($_GET['sort'], $orders);
    $order = $orders[$key];
    $query = "SELECT * from table WHERE is_live = :is_live ORDER BY $order";

Same for direction. Note that bindParam does no escaping, as no escaping is needed at all. It does binding.
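The hardcoded-list approach from the answers above, carried through to a full query, as an added example that is not part of any of the original posts. It assumes the pdo_sqlite driver; the `items` table, the `orderByClause` helper and the request arrays are constructed for illustration.

```php
<?php
// Added example: allowlist mapping for ORDER BY, with the value still bound.
// Table, column names and request arrays below are constructed for illustration.

function orderByClause(array $request, array $columns, string $default): string
{
    // Request parameters can arrive as arrays (?sort[]=x); accept strings only.
    $sort = is_string($request['sort'] ?? null) ? $request['sort'] : '';
    $dir  = is_string($request['dir'] ?? null) ? $request['dir'] : '';

    // Strict comparison: the identifier placed in the SQL is always one of the
    // literals hardcoded in $columns (or $default), never the request string.
    $key    = array_search($sort, $columns, true);
    $column = $key === false ? $default : $columns[$key];

    // Only two legal directions, so select between hardcoded keywords.
    $direction = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';

    return "ORDER BY $column $direction";
}

$db = new PDO('sqlite::memory:');   // in-memory database, nothing touches disk
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (name TEXT, price INTEGER, qty INTEGER, is_live INTEGER)');
$db->exec("INSERT INTO items VALUES ('bolt', 5, 100, 1), ('nut', 2, 300, 1), ('gear', 9, 40, 0)");

$columns  = ['name', 'price', 'qty'];   // every sortable identifier is listed here
$requests = [                            // constructed stand-ins for $_GET
    ['sort' => 'price', 'dir' => 'desc'],
    ['sort' => 'qty'],
    ['sort' => 'price, (SELECT 1)', 'dir' => 'sideways'],  // not in the list
    ['sort' => ['price']],                                 // array, not a string
];

foreach ($requests as $request) {
    $sql = 'SELECT name FROM items WHERE is_live = :is_live '
         . orderByClause($request, $columns, 'name');
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':is_live', 1, PDO::PARAM_INT);   // values are still bound
    $stmt->execute();
    echo $sql, ' => ', implode(',', $stmt->fetchAll(PDO::FETCH_COLUMN)), PHP_EOL;
}
```

The last two requests fall back to the default column and direction, so the SQL text that reaches `prepare()` is built only from strings written in the script.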
It seems to allow it, but it puts quotes around my parameters even if I use PDO::PARAM_INT or PDO::PARAM_BOOL as the data type. If this won't work, how can I safely escape my variables so that I can interpolate them in the query?