I can't find how to use a variable as a parameter of the ORDER BY selector: the following code doesn't work.
```php
$orderBy = 'number';
$q = $instanceBDD->prepare('SELECT * FROM operations ORDER BY :orderBy ASC',
    array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$q->execute(array('orderBy' => $orderBy));
```
whereas
```php
$q = $instanceBDD->prepare('SELECT * FROM operations ORDER BY number ASC',
    array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
$q->execute();
```
works.
Since I'd like to put this code in a function with $orderBy as a parameter, it would be really convenient to find a way to tackle this problem...
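I don't think you can.
You can use just variables though, like:
```php
// Allowed sort columns; anything else falls back to the first entry.
$orders = array("name", "price", "qty");
$key = array_search($_GET['sort'] ?? '', $orders);
$order = $orders[$key === false ? 0 : $key];
// $order now comes only from $orders, so it goes into the SQL as an
// identifier (quoting it as a string would sort by a constant).
$q = $instanceBDD->prepare("SELECT * FROM operations ORDER BY $order ASC");
```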
What's wrong with directly putting it in the string?
```php
$q = $instanceBDD->prepare('SELECT * FROM operations ORDER BY '.$orderBy.' ASC',
    array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
```
EDIT: Of course $orderBy has to be escaped to avoid injections (PDO::quote()).
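
The following is an added example, not code from any of the posts above: it runs the question's bound-placeholder query next to an allowlist function that takes `$orderBy` as a parameter. The `SORTABLE` map, the `fetchOperations()` helper, the table columns and the in-memory SQLite data are all assumptions constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Columns callers may sort by. Keys are the accepted inputs, values are the
// identifiers written into the SQL; both are assumptions for this example.
const SORTABLE = ['number' => 'number', 'amount' => 'amount', 'date' => 'created_at'];

function fetchOperations(PDO $db, string $orderBy, string $direction = 'ASC'): array
{
    // Placeholders bind values, never identifiers, so the column name has to be
    // chosen from a fixed list and the direction reduced to one of two keywords.
    if (!array_key_exists($orderBy, SORTABLE)) {
        throw new InvalidArgumentException("Unsupported sort column: $orderBy");
    }
    $column = SORTABLE[$orderBy];
    $dir = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';

    // Only strings defined in this file reach the SQL text.
    $q = $db->prepare("SELECT * FROM operations ORDER BY $column $dir");
    $q->execute();
    return $q->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE operations (number INTEGER, amount REAL, created_at TEXT)');
$db->exec("INSERT INTO operations VALUES (3, 10.0, '2020-01-03'), (1, 30.0, '2020-01-01'), (2, 20.0, '2020-01-02')");

// The question's form: :orderBy is bound as the string 'number', so the
// statement sorts by a constant instead of by the column.
$q = $db->prepare('SELECT number FROM operations ORDER BY :orderBy ASC');
$q->execute(['orderBy' => 'number']);
echo 'bound placeholder: ', implode(',', $q->fetchAll(PDO::FETCH_COLUMN)), PHP_EOL;

// Allowlisted identifier: rows come back sorted by the requested column.
echo 'allowlist:         ', implode(',', array_column(fetchOperations($db, 'number'), 'number')), PHP_EOL;

// A name outside the list is rejected before any SQL is built.
try {
    fetchOperations($db, 'secret_column');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

`PDO::quote()` returns a quoted string value, so placing its result after `ORDER BY` has the same effect as the bound placeholder; the allowlist is what keeps request input out of the identifier position.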