How do I set ORDER BY params using prepared PDO statement?

Question

I\'m having problems using params in the ORDER BY section of my SQL. It doesn\'t issue any warnings, but prints out nothing.

$order = \'column         


        

Answer 1

If I'm not entirely mistaken, Pascal is right.
The only binding possible in PDO is the binding of values, as you did with the ':my_param' parameter.
However, there's no harm done in:

$stmt = $db->prepare("SELECT field from table WHERE column = :my_param ORDER BY ".$order ." ".$direction);
$stmt->bindParam(':my_param', $is_live, PDO::PARAM_STR);
$stmt->execute();

The only thing to take notice of would be the correct escaping of $order and $direction, but since you set them manually and didn't set them via user input, I think you're all set.