jperez260 Posted May 15, 2014 Share Posted May 15, 2014 Hello All, I've added search to my CMS and one column of data in particular is a date column. My whileLoop spits out data I want however it sorts the date field ASC but I need is DESC. I've tried adding the ORDER BY in several different ways however I keep getting an error... what would be the best approach to get it to sort the way I want using my current SELECT statement $search_sql = " SELECT * FROM tracking INNER JOIN sender ON tracking_sender_id = sender_id INNER JOIN method ON tracking_method_id = method_id WHERE (tracking_recepient LIKE '%" . $_POST['search'] . "%')"; the above code works fine but the output sorts ASC, can seem to add the ORDER BY in an appropriate manner to get it DESC. Any advice ? Thank you in advance Quote Link to comment Share on other sites More sharing options...
ginerjm Posted May 15, 2014 Share Posted May 15, 2014 Where IS the order by clause? Quote Link to comment Share on other sites More sharing options...
jperez260 Posted May 15, 2014 Author Share Posted May 15, 2014 I do not have it in here due to it throwing an error.... I'm not sure where is the best place to put it... I've tried the following... DOES NOT WORK - ERROR $search_sql = " SELECT * FROM tracking INNER JOIN sender ON tracking_sender_id = sender_id INNER JOIN method ON tracking_method_id = method_id ORDER BY tracking_date ASC WHERE (tracking_recepient LIKE '%" . $_POST['search'] . "%')"; Quote Link to comment Share on other sites More sharing options...
jperez260 Posted May 15, 2014 Author Share Posted May 15, 2014 (edited) UPDATE!!! Ok I'm a dope This seems to work... $search_sql = " SELECT * FROM tracking INNER JOIN sender ON tracking_sender_id = sender_id INNER JOIN method ON tracking_method_id = method_id WHERE (tracking_recepient LIKE '%" . $_POST['search'] . "%') ORDER BY tracking_date DESC"; Sorry for crying wolf :-/ I added the parentheses as a last effort before I came to the php community however I did not attempt to add the ORDER BY after the parentheses , didn't seem to work before but now it does. :-| Edited May 15, 2014 by jperez260 Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted May 15, 2014 Share Posted May 15, 2014 This has nothing to do with the parentheses. The ORDER BY clause simply has to come after the WHERE clause. Wherenever you're unsure about the syntax, the MySQL manual will help. Besides that, your code is wide open to SQL injection attacks, because you insert the raw user input straight into the query. Attackers can use this to manipulate the query and steal sensitive data or even take over the entire server. Always escape input before inserting it into a query. In modern programming, we actually avoid this problem altogether by using prepared statements. But this may not be supported by your CMS, depending on its age and quality. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.