I have a Data Mapper class, and it's been working extremely well. It uses PDO, and I bind the parameters like a good, security-minded dev. This is all well and good, until I start screwing around with pagination. Basically, I have the following query (simplified):
Code:
SELECT * FROM comment LIMIT :recordNumber, 3

Code:
$prepared->execute(array(':recordNumber'=>$number) )

Line 163 being the execute( ) function above.

Structured Query Language Error wrote:
error_FatalException: Mapper::doStatement(): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1', 3' at line 1 in {path} on line 163
Obviously, the parameter is binding alright (:recordNumber was replaced by 5 in the error). I went to the mysql prompt, and tested the query. It worked very well, UNTIL I tried putting a single quote around the parameter that was bound in my code. I think that's the problem. When I bind the value, it puts a single quote around it, and although this is okay in other situations, a LIMIT doesn't like it.
If you guys could help me out with this, I'd appreciate it. I really don't want to have to change my entire mapper to accommodate this, as I have at least five different modules depending on it. Would be a shame to change the core of it all just because of simple pagination.
Thanks guys.
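An added example, not part of the original post or the poster's mapper: PDOStatement::execute(array) treats every value as PDO::PARAM_STR, and with emulated prepares on MySQL that string is quoted into the LIMIT clause. The sketch below keeps the array-style call but binds integers as PDO::PARAM_INT, so pagination stays parameterized instead of being concatenated into the SQL. The helper name bindTyped() is hypothetical, and an in-memory SQLite database with constructed rows stands in for the real MySQL connection so the script runs offline.

```php
<?php
// Added example, not the poster's mapper. bindTyped() is a hypothetical helper name.

/**
 * Bind each parameter with a PDO type matching its PHP type, then execute.
 * PDOStatement::execute(array) treats every value as PDO::PARAM_STR, which is
 * why an integer meant for LIMIT arrives quoted under emulated prepares.
 */
function bindTyped(PDOStatement $stmt, array $params): PDOStatement
{
    foreach ($params as $name => $value) {
        if (is_int($value)) {
            $type = PDO::PARAM_INT;
        } elseif (is_bool($value)) {
            $type = PDO::PARAM_BOOL;
        } elseif ($value === null) {
            $type = PDO::PARAM_NULL;
        } else {
            $type = PDO::PARAM_STR;
        }
        // Positional (?) parameters are 1-indexed in bindValue().
        $stmt->bindValue(is_int($name) ? $name + 1 : $name, $value, $type);
    }
    $stmt->execute();
    return $stmt;
}

// Constructed sample data in an in-memory SQLite database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comment (id INTEGER PRIMARY KEY, body TEXT)');
for ($i = 1; $i <= 10; $i++) {
    $pdo->exec("INSERT INTO comment (body) VALUES ('comment $i')");
}

// Request input arrives as a string; validate and cast it before binding.
$raw = '5'; // constructed value standing in for a page offset from the request
$number = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
if ($number === false) {
    $number = 0;
}

$prepared = $pdo->prepare('SELECT * FROM comment LIMIT :recordNumber, 3');
$rows = bindTyped($prepared, [':recordNumber' => $number])->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
    echo $row['id'], ': ', $row['body'], PHP_EOL;
}
```

Because the type is chosen from the PHP value, callers that pass request input must cast or validate it to an integer first, as the filter_var() step does here.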