Can I use placeholders in a prepared statement for the order by clause of my query?

I'm guessing not, as I tried it, and it didn't seem to work, but it didn't throw any errors either, which seemed strange.

Is there a better way to do this, other than just generating an SQL string with the validated inputs?

+7  A: 

No, you can't use placeholders for a column name. From the DBI manual:

With most drivers, placeholders can't be used for any element of a statement that would prevent the database server from validating the statement and creating a query execution plan for it.

But you can still construct the query in Perl. In this case, use the quote_identifier method to quote the column name.

Ivan Nevostruev
Don't sort in Perl. The database can do it better.
friedo
@friedo: Thanks for this hint. I've removed that part
Ivan Nevostruev
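
The approach from the answer above, as an added example that is not part of the original thread: the sort column is checked against an allowlist and passed through `quote_identifier`, the direction is mapped to a fixed keyword, and real values still go through placeholders. It assumes DBD::SQLite is installed; the `users` table, its columns and the helper names are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Assumption: DBD::SQLite is available; schema and rows below are constructed sample data.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, created TEXT)');
my $ins = $dbh->prepare('INSERT INTO users (name, created) VALUES (?, ?)');
$ins->execute(@$_)
    for (['carol', '2020-03-01'], ['alice', '2021-01-15'], ['bob', '2019-07-30']);

# Only these columns may ever reach the ORDER BY clause.
my %SORTABLE  = map { $_ => 1 } qw(id name created);
# Direction is never copied from input; it is mapped to a fixed keyword.
my %DIRECTION = (asc => 'ASC', desc => 'DESC');

# Hypothetical helper: builds the ORDER BY fragment from untrusted input.
sub order_by_clause {
    my ($dbh, $column, $direction) = @_;
    die "unsortable column\n" unless defined $column && $SORTABLE{$column};
    my $dir = $DIRECTION{ lc($direction // 'asc') }
        or die "bad sort direction\n";
    # quote_identifier applies the driver's identifier quoting rules.
    return 'ORDER BY ' . $dbh->quote_identifier($column) . " $dir";
}

# Hypothetical helper: values use placeholders, identifiers use the clause above.
sub list_users {
    my ($dbh, $min_id, $column, $direction) = @_;
    my $sql = 'SELECT id, name FROM users WHERE id >= ? '
            . order_by_clause($dbh, $column, $direction);
    return $dbh->selectall_arrayref($sql, undef, $min_id);
}

# Accepted input: sorted by the database, not in Perl.
print join(', ', map { $_->[1] } @{ list_users($dbh, 1, 'name', 'asc') }), "\n";
print join(', ', map { $_->[1] } @{ list_users($dbh, 1, 'created', 'DESC') }), "\n";

# Input outside the allowlist is rejected before any SQL is built.
for my $bad (['name; DROP TABLE users', 'asc'], ['name', 'asc, (SELECT 1)']) {
    eval { list_users($dbh, 1, @$bad) };
    print "rejected [$bad->[0] / $bad->[1]]: $@" if $@;
}
```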