Here is a snapshot of my code:
$fetchPictures = $PDO->prepare("SELECT *
FROM pictures
WHERE album = :albumId
ORDER BY id ASC
LIMIT :s");
This is just a summary.
There are four options to parameterize LIMIT/OFFSET values:
Disable PDO::ATTR_EMULATE_PREPARES
as mentioned above.
This prevents values passed via ->execute([...])
from always showing up as strings.
Switch to manual ->bindValue(..., ..., PDO::PARAM_INT)
parameter population.
This is, however, less convenient than an ->execute() list[].
Simply make an exception here and just interpolate plain integers when preparing the SQL query.
$limit = intval($limit);
$s = $pdo->prepare("SELECT * FROM tbl LIMIT {$limit}");
The casting is important. More commonly you see ->prepare(sprintf("SELECT ... LIMIT %d", $num)) used for such purposes.
If you're not using MySQL but, for example, SQLite or Postgres, you can also cast bound parameters directly in SQL.
SELECT * FROM tbl LIMIT (1 * :limit)
Again, MySQL/MariaDB don't support expressions in the LIMIT clause. Not yet.
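The three approaches from the answer side by side, as an added example that is not part of the question or the answer above. It uses an in-memory SQLite database so it runs offline; the table name, column names and the helper function names are assumptions, and option C is the SQL-side cast that MySQL/MariaDB reject.

```php
<?php
// Added example: LIMIT/OFFSET parameterization with PDO (SQLite in-memory, assumed schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pictures (id INTEGER PRIMARY KEY, album INTEGER NOT NULL)');
$ins = $pdo->prepare('INSERT INTO pictures (album) VALUES (:album)');
for ($i = 0; $i < 10; $i++) {
    $ins->execute([':album' => 1]); // constructed sample rows, all in album 1
}

// Option A: bindValue() with an explicit PDO::PARAM_INT, so the driver (or the
// emulation layer) sends an unquoted integer instead of a quoted string.
function fetchBound(PDO $pdo, string $albumId, string $limit, string $offset): array
{
    $st = $pdo->prepare('SELECT id FROM pictures WHERE album = :album'
        . ' ORDER BY id ASC LIMIT :l OFFSET :o');
    $st->bindValue(':album', (int)$albumId, PDO::PARAM_INT);
    $st->bindValue(':l', (int)$limit, PDO::PARAM_INT);
    $st->bindValue(':o', (int)$offset, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Option B: interpolate, but only after intval(). The cast is what makes this
// safe: a non-numeric suffix is dropped and a non-numeric string becomes 0,
// so nothing but digits ever reaches the SQL text.
function fetchInterpolated(PDO $pdo, string $albumId, string $limit, string $offset): array
{
    $l = intval($limit);
    $o = intval($offset);
    $st = $pdo->prepare("SELECT id FROM pictures WHERE album = :album"
        . " ORDER BY id ASC LIMIT {$l} OFFSET {$o}");
    $st->execute([':album' => (int)$albumId]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Option C: keep the ->execute() list and cast inside SQL. Works on SQLite and
// Postgres; MySQL/MariaDB do not accept an expression in LIMIT.
function fetchSqlCast(PDO $pdo, string $albumId, string $limit, string $offset): array
{
    $st = $pdo->prepare('SELECT id FROM pictures WHERE album = :album'
        . ' ORDER BY id ASC LIMIT (1 * :l) OFFSET (1 * :o)');
    $st->execute([':album' => $albumId, ':l' => $limit, ':o' => $offset]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Input arrives as strings (as from $_GET); all three yield ids 3, 4, 5.
$a = fetchBound($pdo, '1', '3', '2');
$b = fetchInterpolated($pdo, '1', '3abc', '2'); // intval('3abc') === 3
$c = fetchSqlCast($pdo, '1', '3', '2');
var_dump($a == [3, 4, 5] && $a == $b && $a == $c); // bool(true)
```

On MySQL with emulated prepares left enabled, only options A and B apply; option C is the portable fallback for the other engines named above.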