On Mon, 13 May 2002, Kevin Meredith wrote:
> I am getting an array from a database using 'order by' to display the data
> like I need.  The headings of the displayed table are links to the same page
> just ordering by that specific field.  This is to assist with finding data
> by either a log number, date or title.  Each time a person selects a new
> order the select statement is rerun and data displayed.
> What I would like to know is if this is the best way of re-ordering the same
> data or should I rather somehow control the order by using the existing data
> in the array.

What you're doing is fine and quite sensible unless the query is very
expensive (in that case, you might want to store the result set in a
session variable).

Just make sure that you're not doing anything stupid like taking the field
name from user input ($_GET) and inserting it right into your query, e.g.:

  $sql = "select * from mytable order by {$_GET['sortfield']}";

...for mischief may then ensue. Instead, number the fields, have your
heading links refer to the numbers, and look up the real names from an
array when building your query.

  Link: <a href="thispage.php?orderby=2">

  // lastname is default in case they fudge with input
  $sortfields = array(0 => 'lastname', 1 => 'firstname', 2 => 'age');
  $sql = 'select * from mytable order by ' 
    . $sortfields[intval($_GET['orderby'])];


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to