Apologies if this has been asked already. I’ve seen answers regarding static SQLs, but in this case I’d like to use PDO->prepare() for a query string that is built dynamically at runtime.
Breaking down into a simple example:
    $TempSQL = 'SELECT field1, field2, field3 FROM table WHERE ';
    if ($numberParams == 1) {
        $TempSQL = $TempSQL . " field1 = '$val1' ";
    } else {
        $TempSQL = $TempSQL . " field2 = '$val2' ";
        $TempSQL = $TempSQL . " AND field3 = '$val3' ";
    }
    $db->query($TempSQL);
How do I rewrite this as a db->prepare()?
Should I build the statement->execute(array(':param' => $var)) on the fly as well?
Is there a better / neater way?
Perhaps something like this. (untested)
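
One way to build the SQL text and the `execute()` parameter array in step, added here as an example and not code from the original answer. It assumes the pdo_sqlite driver, a table named `t` with constructed sample rows, and a hypothetical helper `buildQuery()`.

```php
<?php
// Added example: each condition contributes one placeholder to the SQL text
// and one entry to the parameter array, so the two never drift apart.
// buildQuery(), the table name `t` and the sample rows are constructed here.

function buildQuery(array $filters): array
{
    // Identifiers cannot be bound as parameters, so only allow-listed
    // column names are ever concatenated into the SQL text.
    $allowed = ['field1', 'field2', 'field3'];
    $clauses = [];
    $params  = [];
    foreach ($filters as $column => $value) {
        if (!in_array($column, $allowed, true)) {
            throw new InvalidArgumentException("Unexpected column: $column");
        }
        $clauses[] = "$column = :$column";
        $params[":$column"] = $value;
    }
    $sql = 'SELECT field1, field2, field3 FROM t';
    if ($clauses) {
        $sql .= ' WHERE ' . implode(' AND ', $clauses);
    }
    return [$sql, $params];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE t (field1 TEXT, field2 TEXT, field3 TEXT)');
$db->exec("INSERT INTO t VALUES ('a', 'b', 'c'), ('x', 'b', 'O''Brien')");

// Same branching as the question: one condition or two.
$numberParams = 2;
$val1 = 'a';
$val2 = 'b';
$val3 = "O'Brien"; // the quote is bound as data, never parsed as SQL

$filters = ($numberParams == 1)
    ? ['field1' => $val1]
    : ['field2' => $val2, 'field3' => $val3];

[$sql, $params] = buildQuery($filters);
$stmt = $db->prepare($sql);
$stmt->execute($params);

echo $sql, PHP_EOL;
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));
```

With the string-concatenated version from the question, the same `$val3` would terminate the quoted literal early and produce a malformed statement.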