jpfuentes2
$options['order'] should accept placeholders / parameterized query
Apologies in advance if this issue has been discussed before; I searched and found no such discussion. Currently, $options['order'] accepts only a simple string, as per the wiki:
Book::find('all', array('order' => 'price desc, title asc'));
It would be nice if one could alternatively pass an array to $options['order'], akin to conditions as in this case:
Book::all(array('conditions' => array('genre = ? AND price < ?', 'Romance', 15.00)));
So the aforementioned order call could become this:
Book::find('all', array('order' => array('? desc, ? asc', 'price', 'title' ) ) );
Or even this:
Book::find('all', array('order' => array('? ?, ? ?', 'price', 'desc', 'title', 'asc' ) ) );
The reason I'm requesting this feature has to do with automating / abstracting query building. For example, I'm currently writing a REST API that implements Resource Query Language (RQL) queries, and I hope to write a PHP ActiveRecord implementation for libgraviton/php-rql-parser in the near future. RQL has the sort() function, which can be used to generate $options['order'] for the API. However, I do not know what columns API users might request with sort() ahead of time.
In my project, I keep a list of allowed columns both for the current model and the included / joined models, denying requests with arguments not present in this column list, but I don't expect everyone who uses PHP ActiveRecord to do the same. In reference to the forthcoming RQL implementation, it would make me feel much safer if it was possible to parameterize $options['order'] as an additional safe-guard against injection.
In conclusion, I hope I understood the current functionality of $options['order'] correctly, and I hope you'll consider implementing my request into the library. Thank you all for your hard work!
As workaround you could use placeholders, and add the values to the conditions. Untested, and pretty hacky, but should work as the query is interpolated as whole.
