Can I use placeholders in a prepared statement for the order by clause of my query?
I'm guessing not, as I tried it, and it didn't seem to work, but it didn't throw any errors either, which seemed strange.
Is there a better way to do this, other than just generating an SQL string with the validated inputs?
No, you can't use placeholders for column name. From DBI manual:
With most drivers, placeholders can't be used for any element of a statement that would prevent the database server from validating the statement and creating a query execution plan for it.
But still you can construct query in perl. In this case use quote_identifier method to quote column name.