In most cases the SQL should obtain its parameters dynamically from other variables. This means that the query should be parameterized. As can be seen, this can be done in the same query, but we highly recommend using the jqGrid feature to pass the parameter values to the method rather than building your own query.
The reason for this is that the query is prepared before it is executed and the parameters are bound to the query. This prevents SQL injection.

Related methods

exportToExcel
queryGrid
querySubGrid
editGrid
renderGrid

In order to illustrate how this can be done, we will use our example.

Let us suppose that we want to display the orders above a certain order number, depending on a session variable which should be set before executing the script. The script can look like this:

<?php
require_once 'jq-config.php';
// include the jqGrid Class
require_once "php/jqGrid.php";
// include the PDO driver class
require_once "php/jqGridPdo.php";
// Connection to the server
$conn = new PDO(DB_DSN,DB_USER,DB_PASSWORD);
// make sure the session is available before reading from it
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
// get the variable
$param1 = $_SESSION['ordernum'];
// Create the jqGrid instance
$grid = new jqGrid($conn);
// Write the SQL Query; the ? is a placeholder for the bound value
$grid->SelectCommand = 'SELECT OrderID, OrderDate, CustomerID, Freight, ShipName FROM orders WHERE OrderID > ? ';
$grid->dataType = "json";
// pass the parameter
$grid->queryGrid(null, array($param1));
?>

All the parameters should be passed within an array, and the number of ? placeholders should equal the length of the array.
You can pass as many parameters as you want.

As you can see, the array is passed as the second argument of the queryGrid method.
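
The following is an added example, not part of the jqGrid distribution. It uses plain PDO to show what binding does to a value that would otherwise change the query, and how a placeholder/value count mismatch can be caught early. It assumes the pdo_sqlite extension; the table contents, the hostile value and the helper fetchBound are constructed for illustration.

```php
<?php
// Added example. Table contents and the hostile value are constructed.
// Assumes the pdo_sqlite extension so it runs without a database server.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE orders (OrderID INTEGER PRIMARY KEY, ShipName TEXT)');
$conn->exec("INSERT INTO orders VALUES (10248, 'A'), (10249, 'B'), (10250, 'C')");

// Hypothetical helper (not a jqGrid method): prepare, bind, fetch.
// Rejects a call whose value count differs from the number of ? placeholders.
function fetchBound(PDO $conn, string $sql, array $params): array
{
    // Simple count; assumes the SQL text has no literal '?' inside a string.
    $expected = substr_count($sql, '?');
    if ($expected !== count($params)) {
        throw new InvalidArgumentException(
            "$expected placeholder(s), " . count($params) . ' value(s)'
        );
    }
    $stmt = $conn->prepare($sql);          // the SQL text is fixed at this point
    $stmt->execute(array_values($params)); // values are sent apart from the SQL text
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$sql = 'SELECT OrderID, ShipName FROM orders WHERE OrderID > ?';
$hostile = '10249 OR 1=1'; // constructed value standing in for tainted input

// Self-built query: the value becomes part of the SQL and rewrites the WHERE clause.
$concatenated = $conn->query(
    'SELECT OrderID, ShipName FROM orders WHERE OrderID > ' . $hostile
)->fetchAll(PDO::FETCH_ASSOC);

// Bound parameter: the same string is compared as a single value.
$bound = fetchBound($conn, $sql, array($hostile));

// A legitimate value behaves as expected.
$normal = fetchBound($conn, $sql, array(10249));

printf("concatenated: %d row(s)\n", count($concatenated));
printf("bound hostile: %d row(s)\n", count($bound));
printf("bound 10249: %d row(s)\n", count($normal));

// Placeholder/value mismatch is caught before the query reaches the database.
try {
    fetchBound($conn, $sql, array(10249, 10250));
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```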