
PHP Server Side Scripting Forum

    
Options to sort table displayed
tonynoriega




msg:3374948
 6:15 pm on Jun 21, 2007 (gmt 0)

I have a table that displays records from a mysql dbase.

I use this statement:

$sql = 'SELECT * from registration_table ORDER by last_name ASC';

I have several other fields that are displayed also, First Name, Address, City.....etc...etc.

How can I make this table sortable by any column that my users want?

Can I do that with submit buttons?

 

Habtom




msg:3374995
 6:52 pm on Jun 21, 2007 (gmt 0)

Yea a select box and a submit button, or on an event on the select box would do it fine. You can pass it to the same page. If you don't want your field names exposed, you can put numbers as input and use if conditions.

$ORDER_BY = $_REQUEST['field_name'];

$sql = "SELECT * from registration_table ORDER by ". $ORDER_BY ." ASC";

Habtom

justgowithit




msg:3375001
 6:59 pm on Jun 21, 2007 (gmt 0)

Just remember to validate well since you're putting user-submitted data directly into a query.

Better yet, use a switch statement with a default and you can hide field names and you don't have to worry about rogue data.

henry0




msg:3375063
 8:22 pm on Jun 21, 2007 (gmt 0)

Hidden fields are vulnerable as well;
you need to verify that the data received is the data expected

To secure a switch
You may use for example:
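// Read the submitted value; treat a missing field as empty
$state = isset($_POST['state']) ? $_POST['state'] : '';
$clean_state = array();
switch ($state)
{
    // Only these expected values are accepted
    case 'ct':
    case 'ma':
    case 'ny':
        $clean_state['state'] = $state;
        break;
}
// Nothing matched: the submitted value was not one of the expected options
if (!isset($clean_state['state']))
{
    echo "<h1>We are aware of the tentative intrusion in State options</h1><br>";
    exit();
}
// From here on use only the validated value
$state = $clean_state['state'];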

mcibor




msg:3375100
 8:56 pm on Jun 21, 2007 (gmt 0)

Or if you don't have pagination, then you can even do that with free javascript code - sort on the client's side.

[kryogenix.org...]

natural number




msg:3375452
 6:27 am on Jun 22, 2007 (gmt 0)

Your switch idea is great. Why didn't I think of that? I'll have to implement that on my sites soon. I love simple solutions to complex problems.

henry0




msg:3375613
 10:58 am on Jun 22, 2007 (gmt 0)

Thanks,
French people have a quote (loosely translated) "Give back to Caesar what's belonging to Caesar"
Meaning I do not claim paternity for the solution!
I read about it somewhere and made it work for my specific needs
Reading about security is a double-edged sword; you get scared and may learn a great deal too :)

justgowithit




msg:3375802
 2:44 pm on Jun 22, 2007 (gmt 0)

Hidden fields are vulnerable as well;
you need to verify that the data received is the data expected

Hidden fields are irrelevant here. Use a switch to explicitly declare input (like the example with the $clean_state array above) and then default if none are met. In an inconsequential situation like this there’s no need and/or point to break from the system to tell someone you are aware of their mischief.
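
The switch-with-default approach discussed in this thread, applied to the original ORDER BY question, as an added example that is not code from any of the posters. The column names other than last_name, the numeric keys, and the request parameter names "sort" and "dir" are assumptions.

```php
<?php
// Added example: whitelist the sort column with a switch and a default.
// Column names other than last_name are assumed; the request parameter
// names "sort" and "dir" and the numeric keys are hypothetical.

function order_by_clause($sortKey, $dirKey)
{
    // Map opaque keys to column names so the form never exposes field
    // names; anything unrecognised falls through to the default.
    switch ($sortKey) {
        case '1':
            $column = 'first_name';
            break;
        case '2':
            $column = 'address';
            break;
        case '3':
            $column = 'city';
            break;
        default:
            $column = 'last_name';
    }

    // The direction is whitelisted the same way: DESC only on an exact match.
    $direction = ($dirKey === 'desc') ? 'DESC' : 'ASC';

    return "ORDER BY $column $direction";
}

function build_query(array $request)
{
    // Non-string input (e.g. sort[]=x arrives as an array) is treated as absent.
    $sort = (isset($request['sort']) && is_string($request['sort'])) ? $request['sort'] : '';
    $dir  = (isset($request['dir']) && is_string($request['dir'])) ? $request['dir'] : '';

    // Only literals chosen inside order_by_clause() reach the SQL string.
    return 'SELECT * FROM registration_table ' . order_by_clause($sort, $dir);
}

// Constructed sample requests: a valid key, an unexpected string, an array, nothing.
$samples = array(
    array('sort' => '3', 'dir' => 'desc'),
    array('sort' => 'city DESC; --', 'dir' => 'sideways'),
    array('sort' => array('1')),
    array(),
);
foreach ($samples as $request) {
    echo build_query($request), "\n";
}
```

Because the request value only selects among fixed literals and is never concatenated, unexpected input simply produces the default sort by last_name.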
