MSSQL php pdo分页，bindParam上有些​​不对劲

Question

Working fine with MsSQL :

$ppage = 15;
$poset = 0;
$stmt = "SELECT * FROM tbl ORDER BY ID OFFSET {:$poset } ROWS FETCH NEXT {:ppage } ROWS ONLY";
$stmt = $this->conn->prepare($stmt);
$stmt->execute();
return $row = $stmt->fetchAll();

Not working fine with MsSQL :

$ppage = 15;
$poset = 0;
$stmt = "SELECT * FROM tbl ORDER BY ID OFFSET :poffset ROWS FETCH NEXT :perpage ROWS ONLY";
$stmt = $this->conn->prepare($stmt);
$stmt->bindParam(':poffset', $poset);
$stmt->bindParam(':perpage', $ppage);
$stmt->execute();
return $row = $stmt->fetchAll();

the query is fine with I use to run with variables actual data it works but it's not working when I set the variable by bindParam , when am I missing.

thanks in advance.

Answer 1

Try using bindValue instead:

$stmt = $this->conn->prepare($stmt);
$stmt->bindValue(':poffset', $poset, PDO::PARAM_INT);
$stmt->bindValue(':perpage', $ppage, PDO::PARAM_INT);
$stmt->execute();

Answer 2

Rather than using the bindParam() function, inside of the parameters of the execute() function, add an array containing the values.

Something like this:

$stmt = $this->conn->prepare($stmt);
$stmt->execute(array(':poffset' => $poset, ':perpage' => $ppage)); // using an array rather than the bindValue function.

Use it as you would normally with the bindParam function, but substitute the commas for => .

This way of doing things will save you having to call the bindParam() function for each value & will still protect against SQL Injection.