In most cases the SQL needs to take its parameters dynamically from other variables. This means that the query should be parametrized. The values can be built into the query string itself, but we highly recommend using the jqGrid feature that passes the parameter values to the method instead of building your own query.
The reason for this is that the query is prepared before it is executed and the parameters are bound to the query, for performance and security reasons (e.g. in order to prevent SQL injection attacks).

Related methods

To illustrate how this can be done, we will use the example we have used before. Let's say that we want to display the rows with OrderID bigger than a certain number (a session variable), which should be set before executing the script. The script can look like this:

<?php
require_once 'jq-config.php';
// include the jqGrid Class
require_once "php/jqGrid.php";
// include the PDO driver class
require_once "php/jqGridPdo.php";
// Connection to the server
$conn = new PDO(DB_DSN,DB_USER,DB_PASSWORD);
// get the variable
$param1 = $_SESSION['ordernum'];
// Create the jqGrid instance
$grid = new jqGrid($conn);
// Write the SQL Query
$grid->SelectCommand = 'SELECT OrderID, OrderDate, CustomerID, Freight, ShipName FROM orders WHERE OrderID > ? ';
$grid->dataType = "json";
// pass the parameter
$grid->queryGrid(null, array($param1));
?>

All the parameters should be passed within an array, and the number of ? placeholders should equal the length of the array.
You can pass as many parameters as you want.

As you can see, the array is passed as the second argument of the queryGrid method.
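The following is an added example, not code from jqGrid or from this page: it uses plain PDO to show why a bound parameter is safer than a value concatenated into the SQL text, and why the placeholder count must match the array length. It assumes the pdo_sqlite extension; the in-memory table, its rows and the helper names runParametrized and runConcatenated are constructed for illustration.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE orders (OrderID INTEGER PRIMARY KEY, ShipName TEXT)');
$conn->exec("INSERT INTO orders VALUES (10248,'Vins et alcools'),(10249,'Toms'),(10250,'Hanari')");

// Hypothetical helper: check the placeholder count, then prepare, bind and execute.
function runParametrized(PDO $conn, string $sql, array $params): array
{
    // Counts positional placeholders; assumes no literal '?' inside quoted strings.
    $expected = substr_count($sql, '?');
    if ($expected !== count($params)) {
        throw new InvalidArgumentException(
            "Query has $expected placeholder(s) but " . count($params) . " value(s) were passed");
    }
    $stmt = $conn->prepare($sql);          // SQL text is fixed at this point
    $stmt->execute(array_values($params)); // values travel separately from the SQL
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical "before" form: the value becomes part of the SQL text itself.
function runConcatenated(PDO $conn, string $value): array
{
    return $conn->query('SELECT OrderID FROM orders WHERE OrderID > ' . $value)
                ->fetchAll(PDO::FETCH_ASSOC);
}

$sql = 'SELECT OrderID FROM orders WHERE OrderID > ?';

// Ordinary value: both forms apply the same filter.
echo 'bound, normal value:        ', count(runParametrized($conn, $sql, array('10248'))), " row(s)\n";
echo 'concatenated, normal value: ', count(runConcatenated($conn, '10248')), " row(s)\n";

// Constructed hostile value standing in for an untrusted variable.
$hostile = '99999 OR 1=1';
// Concatenated: the OR clause is parsed as SQL and changes the WHERE condition.
echo 'concatenated, hostile value: ', count(runConcatenated($conn, $hostile)), " row(s)\n";
// Bound: the whole string is compared as a single value, the filter is unchanged.
echo 'bound, hostile value:        ', count(runParametrized($conn, $sql, array($hostile))), " row(s)\n";

// Mismatch between placeholders and array length is rejected before execution.
try {
    runParametrized($conn, $sql, array('10248', 'extra'));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```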