At 8/10/2007 07:43 AM, Jason Pruim wrote:
I want to be able to sort that info so my sql query looks like:
"Select * from current order by '$order';" and $order is populated by
a GET when they click on a link: "<A href=index.php?order='Last'>Sort
by last name</A>" Now... the whole PHP page is being included in
a .shtml page to actually display it and make it look purrdee :)
$order = $_GET['order']; <------Line 6
Your HTML should read:
<a href="index.php?order=Last">Sort by last name</a>
Note double-quotes around the href expression and no quotes around
the querystring parameter value.
Also, you'll want to check the incoming values to prevent SQL
injection (q.v.). If you insert unevaluated input into an SQL query
you're leaving yourself vulnerable to everything from data exposure
to data manipulation from outside sources.
Juniper Webcraft Ltd.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php