MySQL Placeholders and Order By
Permalink
I am trying to use place holders on the Order By portion a query. I can use the question mark for the Where part of the query, like this:
But if I try to add some questions marks so I can pass different data to the Order By it doesn't work, the results are not ordered correctly:
When the query is a GetALL is there a concern for injection? I saw some examples in the core that have lead me to believe this might be OK:
The above code does what I want to do, but is it a safe way to do it? Any suggestions?
-thanks
$faqs = $db->GetAll('SELECT * from WebliQuestions WHERE category = ? ORDER BY author desc', array($category))
But if I try to add some questions marks so I can pass different data to the Order By it doesn't work, the results are not ordered correctly:
$faqs = $db->GetAll('SELECT * from WebliQuestions WHERE category = ? ORDER BY ? ?', array($category, 'author', 'desc'));
When the query is a GetALL is there a concern for injection? I saw some examples in the core that have lead me to believe this might be OK:
if($category == 1){ $query = 'SELECT * from WebliQuestions ORDER BY ' . $this->sortBy . ' ' . $this->sortByDirection; } else { $query = 'SELECT * from WebliQuestions WHERE category = ' . $this->category. ' ORDER BY ' . $this->sortBy . ' ' . $this->sortByDirection; } $results = $db->GetAll($query);
The above code does what I want to do, but is it a safe way to do it? Any suggestions?
-thanks
