PHP order by checkbox

I try to order this table by the value of check-box but I get error after i use the check box here is the code I use
[php]






Nume

Universitate

<?php $con=mysqli_connect("localhost","root","","persoane"); // Check connection if (mysqli_connect_error()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); }

$result = mysqli_query($con,“SELECT * FROM pers”);

if(isset($_GET[‘order’]) && !empty($_GET[‘order’]))
{
if ($_GET[‘order’] == ‘nume’) $result .=mysqli_query( $con," ORDER BY nume");
if ($_GET[‘order’] == ‘universitate’) $result.= mysqli_query($con," ORDER BY universitate");
}
echo "

";

while($row = mysqli_fetch_array($result))
{
echo “

”;
echo “”;
echo “”;
echo “”;
}
echo “
Nume Universitate
” . $row[‘nume’] . “” . $row[‘universitate’] . “
”;

mysqli_close($con);
?>

</body>
[/php]

[php]<?php
$orderby = ‘’;
if (isset($_GET[‘order’]))
{
if ($_GET[‘order’] == ‘nume’)
{
$orderby = ‘nume’;
}
if ($_GET[‘order’] == ‘universitate’)
{
$orderby = ‘universitate’;
}
}
$result = mysqli_query($con, “SELECT * FROM pers $orderby”);
?>[/php]

[php]if ( isset($_GET[‘order’])) {

$order = mysqli_real_escape_string($con, “SELECT * FROM pers ORDER BY ($_GET[‘order’])”);

}
[/php]

Slightly different, but escaped and easier to read.

astonecipher, That query will fail. You do not have the GET call correct. I. Should be:

[php]{$_GET[‘order’]}[/php]

Otherwise you will get a parse error. It is also totally insecure. Anyone can pass anything to that query. It should ONLY except the two different parameters he specified, nume or universitate

Sponsor our Newsletter | Privacy Policy | Terms of Service