www.webdeveloper.com
Results 1 to 2 of 2

Thread: displaying a table in php

  1. #1
    Join Date
    Jan 2014
    Posts
    2

    Unhappy displaying a table in php

    Hi guys,

    I am having serious problems sorting a table according to the users option. I already have a working php code to display the table, I just have problems with the code to display the table with options the user has selected.

    The user can select an option of either asc or desc order from a drop box and the column they want arranged in the specified way.

    I have been able to develop the following code and keep getting an error message.Below is the code I generated n the error:
    <?php
    if (isset($_POST['submitted']))

    $walkIn = $_POST['WalkIn'];

    $walkOut = $_POST['WalkOut'];

    $result = mysql_query("SELECT * FROM Results ORDER BY $walkIn $walkOut ")
    or die(mysql_error());


    ?>

    the html

    <tr>

    <td>
    Display table in =
    <select name="WalkIn">
    <option value="Please Choose">Please Choose</option>
    <option value="asc">Ascending order</option>
    <option value="desc">Descending order</option>
    </select>
    </td>

    <td>


    on =
    <select name="WalkOut">
    <option value="Please Choose">Please Choose</option>
    <option value="Goliath">Goliath</option>
    <option value="Samson">Samson</option>
    </select>
    </td>

    </tr>

    would appreciate a guide in the right direction

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,251
    Looks like you need to invert the order of $walkIn and $walkOut in your query definition. Right now it would end up being something like:
    Code:
    ... ORDER BY DESC goliath
    But it should be:
    Code:
    ... ORDER BY goliath DESC
    PS: As currently coded, you are susceptible to SQL injection attacks/errors, since you do not sanitize those inputs. Also, if a (malicious) user sends some value for those 2 input parameters that is invalid (not a valid column name, or not "desc" or "asc"), your die() statement will spew information you may not want (malicious) users to see.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles