
Forum Moderators: coopster & jatar k


Options to sort table displayed

     

tonynoriega

6:15 pm on Jun 21, 2007 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



I have a table that displays records from a MySQL dbase.

I use this statement:

$sql = 'SELECT * from registration_table ORDER by last_name ASC';

I have several other fields that are displayed also, First Name, Address, City.....etc...etc.

How can I make this table sortable by any column that my users want?

Can I do that with submit buttons?

Habtom

6:52 pm on Jun 21, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yea a select box and a submit button, or on an event on the select box would do it fine. You can pass it to the same page. If you don't want your field names exposed, you can put numbers as input and use if conditions.

$ORDER_BY = $_REQUEST['field_name'];

$sql = "SELECT * from registration_table ORDER by ". $ORDER_BY ." ASC";

Habtom

justgowithit

6:59 pm on Jun 21, 2007 (gmt 0)

10+ Year Member



Just remember to validate well since you're putting user-submitted data directly into a query.

Better yet, use a switch statement with a default and you can hide field names and you don't have to worry about rogue data.

henry0

8:22 pm on Jun 21, 2007 (gmt 0)

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Hidden fields are vulnerable as well;
you need to verify that the data received is the data expected

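To secure a switch, you may use, for example:
// Read the submitted value; an absent field becomes an empty string
$state = isset($_POST['state']) ? $_POST['state'] : '';
$clean_state = array();
// Copy the value only when it matches one of the expected options
switch ($state)
{
case 'ct':
case 'ma':
case 'ny':
$clean_state['state'] = $state;
break;
}
// No match means the submitted value was not one of the expected options
if (!isset($clean_state['state']))
{
echo " <h1>We are aware of the tentative intrusion in State options</h1><br>";
exit();
}
$state = $clean_state['state'];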

mcibor

8:56 pm on Jun 21, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Or if you don't have a pagination, then you can even do that with free javascript code - sort on the client's side.

[kryogenix.org...]

natural number

6:27 am on Jun 22, 2007 (gmt 0)

10+ Year Member



Your switch idea is great. Why didn't I think of that? I'll have to implement that on my sites soon. I love simple solutions to complex problems.

henry0

10:58 am on Jun 22, 2007 (gmt 0)

WebmasterWorld Senior Member henry0 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Thanks,
French people have a quote (loosely translated): "Give back to Caesar what's belonging to Caesar"
Meaning I do not claim paternity for the solution!
I read about it somewhere and made it work for my specific needs
Reading about security is a double-edged sword; you get scared and may learn a great deal too :)

justgowithit

2:44 pm on Jun 22, 2007 (gmt 0)

10+ Year Member



Hidden fields are vulnerable as well;
you need to verify that the data received is the data expected

Hidden fields are irrelevant here. Use a switch to explicitly declare input (like the example with the $clean_state array above) and then default if none are met. In an inconsequential situation like this there’s no need and/or point to break from the system to tell someone you are aware of their mischief.
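
The switch-with-default approach discussed in this thread, applied to the original ORDER BY question, as an added example that is not code from any of the posters. The numeric sort keys, the `sort` and `dir` parameter names, the function names, and every column name except `last_name` are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Column names other than
// last_name are assumed from the field labels in the original question.

// Public sort keys are numbers, so real column names never appear in the form.
function sort_column($key)
{
    // Arrays (?sort[]=1) and missing values get the default ordering.
    if (!is_string($key)) {
        return 'last_name';
    }
    // switch compares loosely ('01' matches '1'), which is harmless here:
    // the value returned is always one of the literals below, never the input.
    switch ($key) {
        case '1':
            return 'first_name';   // assumed column name
        case '2':
            return 'address';      // assumed column name
        case '3':
            return 'city';         // assumed column name
        default:
            // Unknown or malformed input falls back silently.
            return 'last_name';
    }
}

// Direction is allow-listed the same way; anything but "desc" means ASC.
function sort_direction($dir)
{
    return (is_string($dir) && strtolower($dir) === 'desc') ? 'DESC' : 'ASC';
}

// Only string literals from the two functions above reach the SQL text.
function build_query($request)
{
    $key = isset($request['sort']) ? $request['sort'] : null;
    $dir = isset($request['dir']) ? $request['dir'] : null;
    return 'SELECT * FROM registration_table ORDER BY '
        . sort_column($key) . ' ' . sort_direction($dir);
}

// Constructed sample requests, standing in for $_GET.
$samples = array(
    array('sort' => '3', 'dir' => 'desc'),
    array('sort' => 'no_such_column; --'),
    array('sort' => array('1')),
    array(),
);
foreach ($samples as $request) {
    echo build_query($request), "\n";
}
```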