category sorting and security

I'm new to PHP and constructed this code by copying/pasting and a lot of trial and error. I can sort each column by using "$_GET"; it works fairly well for what I need, but I don't know how secure it is, and it's lacking one thing. Right now it lists my whole table on a page, and one of the columns is a "category" field. I'd like to be able to click on the category field for one entry and have it show a list of all things that match that category. Is there an easy way to do that? Here's my current code:

[php]<?php

include("…/…/dbconnectioninfo.php");

// Map of allowed sort keys to ORDER BY clauses. Only values from this
// array ever reach the query; the raw $_GET value is never interpolated.
// (PHP treats a null array key as "", so the default entry is "" here.)
$sortlong = array(
    "year" => "year, manufacturer, name",
    ""     => "manufacturer, name",
    "name" => "name, manufacturer",
    "cat"  => "category, manufacturer, name"
);

// Fall back to the default ordering when the key is missing or unknown;
// otherwise $sortlong[$sort] is null and the query ends in "ORDER BY ".
$sort = isset($_GET['sort']) ? $_GET['sort'] : "";
if (!array_key_exists($sort, $sortlong)) {
    $sort = "";
}

mysql_connect($hn, $un, $pw) or die("Could not connect: " . mysql_error());
mysql_select_db($db) or die("DATABASE MISSING!");
$query = "SELECT * FROM nerd_shelf_items ORDER BY " . $sortlong[$sort];
$result = mysql_query($query) or die("Query failed: " . mysql_error());

$num = mysql_num_rows($result);   // was mysql_numrows(), which does not exist

?>

<?php while ($row = mysql_fetch_array($result)) { ?>
<tr class="nerdtr">
<td width="76" align="center"><a href="<?php echo htmlspecialchars($row['big_pic']); ?>" class="highslide" onclick="return hs.expand(this)">
<img height="45" width="70" src="<?php echo htmlspecialchars($row['small_pic']); ?>" title="Click to enlarge" /></a>
</td>
<td width="30"><?php echo htmlspecialchars($row['year']); ?></td>
<td width="100"><?php echo htmlspecialchars($row['manufacturer']); ?></td>
<td width="354"><?php echo htmlspecialchars($row['name']); ?></td>
<td width="100"><?php echo htmlspecialchars($row['category']); ?></td>
</tr>

<?php

}

// Close the connection only after all rows have been read.
mysql_close();

echo "

Year Manufacturer Name Category
";

?>[/php]
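Here is one way to do both things at once: keep the sort whitelist, add a "click a category to filter" link, and move the query onto a prepared statement. This is an added example, not the poster's code. It assumes dbconnectioninfo.php defines $hn, $un, $pw and $db as in the original (adjust the include path to your own copy), that the PDO MySQL driver is available, and that nerd_shelf_items has the columns the original template uses (big_pic, small_pic, year, manufacturer, name, category).

```php
<?php
// Added example, not the poster's code. Same listing as the original, but:
//   1. ORDER BY is chosen from a fixed whitelist, never from the raw request;
//   2. the optional category filter is bound as a prepared-statement parameter;
//   3. every database value written into the page is HTML-escaped.
// Assumes dbconnectioninfo.php defines $hn, $un, $pw, $db (adjust the path),
// that the PDO MySQL driver is installed, and that nerd_shelf_items has the
// columns the original template uses.
include("dbconnectioninfo.php");

// Whitelist: the request may only pick a key; the SQL text comes from here.
$sortOptions = array(
    ""     => "manufacturer, name",
    "year" => "year, manufacturer, name",
    "name" => "name, manufacturer",
    "cat"  => "category, manufacturer, name",
);

$sort = (isset($_GET['sort']) && is_string($_GET['sort'])
         && array_key_exists($_GET['sort'], $sortOptions)) ? $_GET['sort'] : "";

// Category filter: any string is acceptable because it never becomes part of
// the SQL text; it is only ever bound as a parameter.
$category = (isset($_GET['cat']) && is_string($_GET['cat'])) ? $_GET['cat'] : "";

// Escape helper for everything echoed into HTML.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$pdo = new PDO("mysql:host=$hn;dbname=$db;charset=utf8mb4", $un, $pw, array(
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
));

$sql = "SELECT big_pic, small_pic, year, manufacturer, name, category"
     . " FROM nerd_shelf_items";
$params = array();
if ($category !== "") {
    $sql .= " WHERE category = ?";
    $params[] = $category;
}
$sql .= " ORDER BY " . $sortOptions[$sort];   // whitelisted text only

$stmt = $pdo->prepare($sql);
$stmt->execute($params);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
?>
<?php if ($category !== "") { ?>
<p>Showing category "<?php echo h($category); ?>"
   (<?php echo count($rows); ?> items).
   <a href="?sort=<?php echo urlencode($sort); ?>">Show all</a></p>
<?php } ?>
<table>
<tr>
<th></th>
<th><a href="?sort=year&amp;cat=<?php echo urlencode($category); ?>">Year</a></th>
<th>Manufacturer</th>
<th><a href="?sort=name&amp;cat=<?php echo urlencode($category); ?>">Name</a></th>
<th><a href="?sort=cat&amp;cat=<?php echo urlencode($category); ?>">Category</a></th>
</tr>
<?php foreach ($rows as $row) { ?>
<tr class="nerdtr">
<td width="76" align="center"><a href="<?php echo h($row['big_pic']); ?>" class="highslide" onclick="return hs.expand(this)">
<img height="45" width="70" src="<?php echo h($row['small_pic']); ?>" title="Click to enlarge" /></a>
</td>
<td width="30"><?php echo h($row['year']); ?></td>
<td width="100"><?php echo h($row['manufacturer']); ?></td>
<td width="354"><?php echo h($row['name']); ?></td>
<!-- Clicking a category reloads the page filtered to that category. -->
<td width="100"><a href="?cat=<?php echo urlencode($row['category']); ?>&amp;sort=<?php echo urlencode($sort); ?>"><?php echo h($row['category']); ?></a></td>
</tr>
<?php } ?>
</table>
```

The two request values are handled differently on purpose: the sort key is used to look up SQL text, so it must be restricted to known keys; the category is compared against data, so it can be any string as long as it travels as a bound parameter rather than being pasted into the query. Output escaping with htmlspecialchars() covers the remaining risk, which is a stored value (or the echoed filter) containing markup.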
