Options to sort table displayed

     
6:15 pm on Jun 21, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:Sept 8, 2006
posts:1232
votes: 0


I have a table that displays records from a mysql dbase.

I use this statement:

$sql = 'SELECT * from registration_table ORDER by last_name ASC';

I have several other fields that are displayed also, First Name, Address, City.....etc...etc.

How can I make this table sortable by any column that my users want?

Can I do that with submit buttons?

6:52 pm on June 21, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 15, 2004
posts:1867
votes: 0


Yea a select box and a submit button, or on an event on the select box would do it fine. You can pass it to the same page. If you don't want your field names exposed, you can put numbers as input and use if conditions.

$ORDER_BY = $_REQUEST['field_name'];

$sql = "SELECT * from registration_table ORDER by ". $ORDER_BY ." ASC";

Habtom

6:59 pm on June 21, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 19, 2004
posts:505
votes: 0


Just remember to validate well since you're putting user-submitted data directly into a query.

Better yet, use a switch statement with a default and you can hide field names and you don't have to worry about rogue data.

8:22 pm on June 21, 2007 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2003
posts:4395
votes: 2


Hidden fields are vulnerable as well;
you need to verify that the data received is the data expected

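To secure a switch, you may use, for example:
$state = isset($_POST['state']) ? $_POST['state'] : '';
$clean_state = array();
switch ($state)
{
    case 'ct':
    case 'ma':
    case 'ny':
        // Only the expected values are copied into the clean array
        $clean_state['state'] = $state;
        break;
}
// No case matched: the submitted value is not one of the expected options
if (!isset($clean_state['state']))
{
    echo "<h1>We are aware of the tentative intrusion in State options</h1><br>";
    exit();
}
// From here on, use only the validated value
$state = $clean_state['state'];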

8:56 pm on June 21, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 26, 2003
posts:1133
votes: 0


Or if you don't have pagination, then you can even do that with free JavaScript code - sort on the client's side.

[kryogenix.org...]

6:27 am on June 22, 2007 (gmt 0)

Junior Member

10+ Year Member

joined:Oct 6, 2004
posts:131
votes: 0


Your switch idea is great. Why didn't I think of that? I'll have to implement that on my sites soon. I love simple solutions to complex problems.

10:58 am on June 22, 2007 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 19, 2003
posts:4395
votes: 2


Thanks,
French people have a quote (loosely translated) "Give back to Caesar what's belonging to Caesar"
Meaning I do not claim paternity for the solution!
I read about it somewhere and made it work for my specific needs
Reading about security is a double-edged sword; you get scared and may learn a great deal too :)

2:44 pm on June 22, 2007 (gmt 0)

Preferred Member

10+ Year Member

joined:Jan 19, 2004
posts:505
votes: 0


Hidden fields are vulnerable as well;
you need to verify that the data received is the data expected

Hidden fields are irrelevant here. Use a switch to explicitly declare input (like the example with the $clean_state array above) and then default if none are met. In an inconsequential situation like this there’s no need and/or point to break from the system to tell someone you are aware of their mischief.
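
The switch-with-default approach recommended in the thread, applied to the original ORDER BY question. This is an added example, not code from any poster; the numeric keys, the `sort` and `dir` parameter names, the `order_by_clause` helper and every column name other than `last_name` are assumptions.

```php
<?php
// Added example: map a user-supplied sort key to a fixed column name.
// The request value itself is never concatenated into the SQL string.
// 'sort'/'dir' and the columns other than last_name are assumed names.

function order_by_clause(array $request): string
{
    $key = isset($request['sort']) ? (string) $request['sort'] : '';

    switch ($key) {
        case '1':
            $column = 'first_name';
            break;
        case '2':
            $column = 'address';
            break;
        case '3':
            $column = 'city';
            break;
        default:
            // Missing or unexpected input quietly falls back to the
            // original sort order; no error page, no exit()
            $column = 'last_name';
    }

    // Direction is restricted the same way: only two literals can result
    $dir = (isset($request['dir']) && $request['dir'] === 'desc') ? 'DESC' : 'ASC';

    return "ORDER BY $column $dir";
}

// Constructed sample requests: a valid one, an unexpected value, an empty one
$samples = array(
    array('sort' => '3', 'dir' => 'desc'),
    array('sort' => 'not-a-listed-key', 'dir' => 'sideways'),
    array(),
);

foreach ($samples as $request) {
    echo 'SELECT * FROM registration_table ' . order_by_clause($request) . "\n";
}
```

Because column names cannot be bound as prepared-statement parameters, a fixed mapping like this is the usual way to keep a user-chosen sort column out of the query text.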