Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 16 to 18 of 18
Thread: Sorting with Prepared Statement?
11-10-2013, 06:16 AM #16
- Join Date
- Sep 2002
- Thanked 20 Times in 20 Posts
Funny, I don't see how tango's is much different than what I originally posted...the only differences are that I used an number to define the case, the case variable string is using 'this.that' where mine used a single word and you use mysqli methods to retrieve the info. But if you can't sort the information using mysqli then why not just add the information to a php array and separate and sort the columns independantly.
11-10-2013, 11:48 AM #17
- Join Date
- Feb 2011
- Your Monitor
- Thanked 506 Times in 493 Posts
EG supposing you want your user to be able to sort by two columns - user and date.. don't let the user know those column names invent something else such as name and time and then do this:
//Get user input
$column = (isset($_GET['col']))? $_GET['col']: 'name';
//Check user input, then hardcode our $sort variable
$sort = 'user';
$sort = 'date';
//escape it just in case
$sort = mysqli_real_escape_string($sort);
//Use OUR hardcoded variable instead of any user input.
mysqli_prepare($con, "select * from table order by $sort");
It was all there in my screenies... I just blanked out table names as I didn't want that project owners code being splattered around - even though I wrote it!
Your post only said this:
Last edited by tangoforce; 11-10-2013 at 12:43 PM.My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!
11-10-2013, 05:40 PM #18