Jump to content

order by $sort variable

yandoo

By yandoo
in PHP Coding Help

Recommended Posts

yandoo Advanced Member

yandoo

Posted
Posted

Hello, 

 

I've added a $sort variable to my query and created a form with a drop down so a user can sort the records in specific ways. It isn't working though and throws up an error: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given. This relates to the While loop below it. It was working fine before I added the new $sort variable code. 

 

Any ideas? 

<?php 
$sort = $_POST['order']; 
if (!empty($sort)) { // If you Sort it with value of your select options


$sql4 = "SELECT media.*, IF (ISNULL(rating.ip), 0, 1) AS HasRated
FROM media LEFT JOIN rating ON media.media_id = rating.media_id AND rating.ip = '".$ipaddress."'
WHERE media.media_type = 'Book' ORDER BY '".$sort."' ASC $limit";


} else { // else if you do not pass any value from select option will return this


$sql4 = "SELECT media.*, IF (ISNULL(rating.ip), 0, 1) AS HasRated
FROM media LEFT JOIN rating ON media.media_id = rating.media_id AND rating.ip = '".$ipaddress."'
WHERE media.media_type = 'Book' ORDER BY media_title ASC $limit";
}
if ($productCount > 0) {
while($row = mysql_fetch_array($sql4)){ 
             $id = $row["media_id"];
$media_title = $row["media_title"];
$genre = $row["genre"];
$media_image = $row["media_image"];
$media_date = $row["media_date"];
$media_producer = $row["media_producer"];
$media_description = $row["media_description"];
$media_link = $row["media_link"];
$get_copy = $row["get_copy"];
$media_id = $row["media_id"];
$rating = $row['rating'];
?>




<form name="sort" id="sort" action="books.php" method="post">
<select name="order">
   <option value="choose">Make A Selection</option>
   <option value="media_title">Title</option>
   <option value="rating">Rating</option>
   <option value="media_producer">Author</option>
   <option value="genre">Genre</option>
</select>
<input type="submit" value=" - Sort - " />
</form>
 
 

Any ideas on how I can get this to work please?

 

I fixed it by removing the '".."' from '".$sort."'

Link to comment
https://forums.phpfreaks.com/topic/279695-order-by-sort-variable/
Share on other sites
mac_gyver Prolific Member

mac_gyver

Posted
Posted

some suggestions -

 

your $sort value is a column name. in order to prevent sql injection you must validate that it holds exactly one of the permitted column names.

 

you should not repeat code. you are repeating the query statement, once with a variable and once with a hard-coded default value. what happens when you want to change something about the query? you must find all of them and make sure you change each one the same way. if the submitted $sort isn't one of the permitted choices (your select menu submits a value of "choose" if nothing is selected, which will likely result in a query error) set $sort to the default media_title and use the one query with the $sort variable in it.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.