Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do I use pdo's prepared statement for order by and limit clauses?

Tags:

php

pdo

prepared-statement

I want to use a prepared statement in which the passed-in parameters are for the ORDER BY and LIMIT clauses, like so:

$sql = 'SELECT * FROM table ORDER BY :sort :dir LIMIT :start, :results';
$stmt = $dbh->prepare($sql);
$stmt->execute(array(
     'sort'  => $_GET['sort'], 
     'dir'  => $_GET['dir'], 
     'start'  => $_GET['start'],
     'results' => $_GET['results'],
     )
    );

But $stmt->fetchAll(PDO::FETCH_ASSOC); returns nothing.

Can someone point out what's the wrong thing I am doing? Can it be done? If not,what should I reference for a complete list of clauses where parameters can be used?

like image 295
user198729 Avatar asked Apr 21 '10 14:04

user198729

People also ask

What is a PDO statement?

PDO (PHP Data Objects) is an abstraction layer for your database queries and is an awesome alternative to MySQLi, as it supports 12 different database drivers. This is an immense benefit for people and companies that need it. However, keep in mind that MySQL is by far the most popular database.

Which PDO method is used to prepare a statement for execution?

Description ¶ Prepares an SQL statement to be executed by the PDOStatement::execute() method. The statement template can contain zero or more named (:name) or question mark (?) parameter markers for which real values will be substituted when the statement is executed.

1 Answers

After using :

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

I got the message :

Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''0', '10'' at line 1

So, when you use an array for execute, it consider your inputs as string which is not a good idea for LIMIT 

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "SELECT * FROM table ORDER BY :sort :dir LIMIT :start, :results";
$stmt = $dbh->prepare($sql);
$stmt->bindParam(':start', $_GET['start'], PDO::PARAM_INT);
$stmt->bindParam(':results', $_GET['results'], PDO::PARAM_INT);
$stmt->bindParam(':sort', $_GET['sort']);
$stmt->bindParam(':dir', $_GET['dir']);
$stmt->execute();

$data = $stmt->fetchAll(PDO::FETCH_ASSOC);
print_r($data);
like image 167
Arkh Avatar answered Oct 12 '22 18:10

Arkh
Sign in to Comment

Related questions

What is the difference between delete() and unlink() in PHP
After upgrade, PHP no longer supports PNG operations
Laravel 5.2 Auth not Working
Are there any Parsing Expression Grammar (PEG) libraries for Javascript or PHP?
How can I parse Apache's error log in PHP?
Recommended server for continuous integration for a PHP project [closed]
get RSS feed into php array - possible?
Tiny PHP "standalone" server (or framework) for local debug without Apache/Nginx/Lighttpd/etc
get_class in static method and inheritance (php)
Byte manipulation in PHP
What are the differences between REPLACE, INSERT, UPDATE in MySql? [closed]
Parse error: syntax error, unexpected '.', expecting ',' or ';' [closed]
How can I run MATLAB code for isolated spoken words recognition from PHP?
Why not PDO_MySQL return integer?
Xdebug Error: "Failed loading xdebug.so: xdebug.so: cannot open shared object file: No such file or directory"
Running PHP in Windows: how to fix "PHP Startup: Unable to load dynamic library" issues?
How to pass in an empty generator parameter?
Laravel Migrations Naming Convention
What is the best practice to create a custom helper function in php Laravel 5?
Laravel 5 error SQLSTATE[HY000] [1045] Access denied for user 'forge'@'localhost' (using password: NO)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!