At 8/10/2007 07:43 AM, Jason Pruim wrote:
I want to be able to sort that info so my sql query looks like:
"Select * from current order by '$order';" and $order is populated by
a GET when they click on a link: "<A href=index.php?order='Last'>Sort
by last name</A>"  Now... the whole PHP page is being included in
a .shtml page to actually display it and make it look purrdee :)
$order = $_GET['order']; <------Line 6

Your HTML should read:

        <a href="index.php?order=Last">Sort by last name</a>

Note double-quotes around the href expression and no quotes around the querystring parameter value.

Also, you'll want to check the incoming values to prevent SQL injection (q.v.). If you insert unevaluated input into an SQL query you're leaving yourself vulnerable to everything from data exposure to data manipulation from outside sources.



Paul Novitski
Juniper Webcraft Ltd.
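
The check on the incoming `order` value recommended above, as an added example that is not part of the original message. It assumes MySQL identifier quoting; `build_query`, `order_column` and the column names other than `Last` are hypothetical.

```php
<?php
// Added example: allowlist for the ORDER BY column taken from ?order=...
// Column names other than `Last` are assumptions for illustration.

/**
 * Map the raw querystring value to a known column name.
 * Identifiers cannot be bound as prepared-statement parameters,
 * so the raw value only selects an entry from a fixed list.
 */
function order_column($raw, array $allowed, $default)
{
    // Reject arrays (?order[]=x) and anything not exactly in the list.
    if (!is_string($raw) || !in_array($raw, $allowed, true)) {
        return $default;
    }
    return $raw;
}

function build_query($raw)
{
    $allowed = array('Last', 'First', 'City'); // 'First' and 'City' are assumed
    $column  = order_column($raw, $allowed, 'Last');
    // Backticks quote the identifier (MySQL syntax assumed).
    return "SELECT * FROM `current` ORDER BY `" . $column . "`";
}

// In index.php:
// $sql = build_query(isset($_GET['order']) ? $_GET['order'] : null);

// Constructed sample inputs, including a hostile one.
$samples = array('Last', 'First', "Last'; DROP TABLE current; --", null, array('x'));
foreach ($samples as $s) {
    echo build_query($s), "\n";
}
```

Only the first two samples change the sort column; the other three fall back to `Last`, so nothing from the querystring ever reaches the SQL text unchecked.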
