ORDER BY issue


jperez260

Hello All,

 

I've added search to my CMS and one column of data in particular is a date column. My while loop spits out the data I want; however, it sorts the date field ASC but what I need is DESC. I've tried adding the ORDER BY in several different ways; however, I keep getting an error... What would be the best approach to get it to sort the way I want using my current SELECT statement?

$search_sql = "	SELECT * 
		FROM tracking 
		INNER JOIN sender ON tracking_sender_id = sender_id 
		INNER JOIN method ON tracking_method_id = method_id 
		WHERE (tracking_recepient LIKE '%" . $_POST['search'] . "%')";

The above code works fine but the output sorts ASC; I can't seem to add the ORDER BY in an appropriate manner to get it DESC. Any advice?

 

Thank you in advance


I do not have it in here due to it throwing an error.... I'm not sure where is the best place to put it...

 

I've tried the following...

DOES NOT WORK - ERROR

$search_sql = "	SELECT * 
		FROM tracking 
		INNER JOIN sender ON tracking_sender_id = sender_id 
		INNER JOIN method ON tracking_method_id = method_id 
                ORDER BY tracking_date ASC 
		WHERE (tracking_recepient LIKE '%" . $_POST['search'] . "%')";

UPDATE!!!

 

Ok I'm a dope

 

This seems to work...

$search_sql = "	SELECT * 
		FROM tracking 
		INNER JOIN sender ON tracking_sender_id = sender_id 
		INNER JOIN method ON tracking_method_id = method_id 
		WHERE (tracking_recepient LIKE '%" . $_POST['search'] . "%') ORDER BY tracking_date DESC";

Sorry for crying wolf :-/

 

I added the parentheses as a last effort before I came to the PHP community; however, I did not attempt to add the ORDER BY after the parentheses. It didn't seem to work before but now it does. :-|

Edited by jperez260

This has nothing to do with the parentheses. The ORDER BY clause simply has to come after the WHERE clause. Whenever you're unsure about the syntax, the MySQL manual will help.

 

Besides that, your code is wide open to SQL injection attacks, because you insert the raw user input straight into the query. Attackers can use this to manipulate the query and steal sensitive data or even take over the entire server. Always escape input before inserting it into a query. In modern programming, we actually avoid this problem altogether by using prepared statements. But this may not be supported by your CMS, depending on its age and quality.

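A parameterized version of the thread's search query, as an added example that is not part of the original posts. It assumes PDO and uses an in-memory SQLite database with constructed rows so it runs offline (the thread's database is MySQL); the helper names likeContains, sortDirection and searchTracking are hypothetical.

```php
<?php
declare(strict_types=1);

// Escape LIKE wildcards so user input is matched literally; '!' is the ESCAPE character.
function likeContains(string $input): string
{
    return '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $input) . '%';
}

// A sort direction cannot be bound as a parameter, so map it through an allow-list.
function sortDirection(string $requested): string
{
    return strtoupper($requested) === 'ASC' ? 'ASC' : 'DESC';
}

function searchTracking(PDO $pdo, string $search, string $direction = 'DESC'): array
{
    // WHERE comes before ORDER BY; the search term travels only as a bound value.
    $sql = "SELECT tracking_recepient, tracking_date
            FROM tracking
            INNER JOIN sender ON tracking_sender_id = sender_id
            INNER JOIN method ON tracking_method_id = method_id
            WHERE tracking_recepient LIKE :term ESCAPE '!'
            ORDER BY tracking_date " . sortDirection($direction);
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':term' => likeContains($search)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample schema and rows (only the column names used above come from the thread).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE sender (sender_id INTEGER PRIMARY KEY);
            CREATE TABLE method (method_id INTEGER PRIMARY KEY);
            CREATE TABLE tracking (tracking_id INTEGER PRIMARY KEY, tracking_recepient TEXT,
                tracking_date TEXT, tracking_sender_id INTEGER, tracking_method_id INTEGER);
            INSERT INTO sender VALUES (1);
            INSERT INTO method VALUES (1);
            INSERT INTO tracking VALUES (1, 'Ann O''Neil', '2014-01-05', 1, 1),
                                        (2, 'Bob Neilson', '2014-03-09', 1, 1);");

// A quote or a SQL fragment in the search term is now just text to match.
foreach (["Neil", "O'Neil", "%' OR '1'='1"] as $term) {
    printf("%-16s => %d row(s)\n", $term, count(searchTracking($pdo, $term)));
}
```

With the MySQL PDO driver, also set `PDO::ATTR_EMULATE_PREPARES` to `false` and a `charset` in the DSN so the statement is prepared by the server.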
