Jump to content

order by $sort variable

yandoo

By yandoo
in PHP Coding Help

 Share
Go to solution Solved by yandoo,

Recommended Posts

yandoo Advanced Member

yandoo

Posted
Posted (edited)

Hello, 

 

I've added a $sort variable to my query and created a form with a drop down so a user can sort the records in specific ways. It isn't working though and throws up an error: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given. This relates to the While loop below it. It was working fine before I added the new $sort variable code. 

 

Any ideas? 

<?php 
$sort = $_POST['order']; 
if (!empty($sort)) { // If you Sort it with value of your select options


$sql4 = "SELECT media.*, IF (ISNULL(rating.ip), 0, 1) AS HasRated
FROM media LEFT JOIN rating ON media.media_id = rating.media_id AND rating.ip = '".$ipaddress."'
WHERE media.media_type = 'Book' ORDER BY '".$sort."' ASC $limit";


} else { // else if you do not pass any value from select option will return this


$sql4 = "SELECT media.*, IF (ISNULL(rating.ip), 0, 1) AS HasRated
FROM media LEFT JOIN rating ON media.media_id = rating.media_id AND rating.ip = '".$ipaddress."'
WHERE media.media_type = 'Book' ORDER BY media_title ASC $limit";
}
if ($productCount > 0) {
while($row = mysql_fetch_array($sql4)){ 
             $id = $row["media_id"];
$media_title = $row["media_title"];
$genre = $row["genre"];
$media_image = $row["media_image"];
$media_date = $row["media_date"];
$media_producer = $row["media_producer"];
$media_description = $row["media_description"];
$media_link = $row["media_link"];
$get_copy = $row["get_copy"];
$media_id = $row["media_id"];
$rating = $row['rating'];
?>




<form name="sort" id="sort" action="books.php" method="post">
<select name="order">
   <option value="choose">Make A Selection</option>
   <option value="media_title">Title</option>
   <option value="rating">Rating</option>
   <option value="media_producer">Author</option>
   <option value="genre">Genre</option>
</select>
<input type="submit" value=" - Sort - " />
</form>
 
 

Any ideas on how I can get this to work please?

 

I fixed it by removing the '".."' from '".$sort."'

Edited by yandoo
Link to comment
Share on other sites
mac_gyver Prolific Member

mac_gyver

Posted
Posted

some suggestions -

 

your $sort value is a column name. in order to prevent sql injection you must validate that it holds exactly one of the permitted column names.

 

you should not repeat code. you are repeating the query statement, once with a variable and once with a hard-coded default value. what happens when you want to change something about the query? you must find all of them and make sure you change each one the same way. if the submitted $sort isn't one of the permitted choices (your select menu submits a value of "choose" if nothing is selected, which will likely result in a query error) set $sort to the default media_title and use the one query with the $sort variable in it.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.