PHP & SQL help

callumacrae

callumacrae

not alex mac
Community Support
Messages
5,257
Reaction score
97
Points
48
I have the following code:

Code: 
if(isset($_GET['ob']) && isset($_GET['o']) && (($_GET['o'] == "asc") || ($_GET['o'] == "d")) && (($_GET['ob'] == "name") || ($_GET['ob'] == "added") || ($_GET['ob'] == "date")))
{
$sql = "SELECT * FROM `Links_links` ORDER BY `" . $_GET['ob'] . "` ";
if($_GET['o'] == "asc"){
$sql .= "asc";
}
}else{
echo "ERROR";
$sql = "SELECT * FROM `Links_links` ORDER BY `Name` ASC";
}
$result = mysqli_query($cxn,$sql) or die("SQL failed");
$num = 1;
while ($row = mysqli_fetch_array($result))
{
extract($row);
echo "<a href=\"$Link\"><b>$Name</b></a><br /><p>$Description</p><p style=\"font-size:7pt\">Added by $added at $Date</p><br />";
$num++;
}

It doesn't work. It passes the stuff and validates it, but doesn't do anything with it.

It powers the page at http://paperforum.x10hosting.com/links

Thanks if you can help.
 
Salvatos

Salvatos

Member
Prime Account
Messages
562
Reaction score
1
Points
18
I'm not a php pro yet so maybe my question will be dumb, but if it can help...

Why is there a dot before the "="?
Code: 
$sql .= "asc";

Though this part looks even weirder to me ("mysqli"):
Code: 
$result = mysqli_query($cxn,$sql) or die("SQL failed");
$num = 1;
while ($row = mysqli_fetch_array($result))

As I said maybe they're okay and I just don't know, then excuse my interruption ;)
 
Livewire

Livewire

Abuse Compliance Officer
Staff member
Messages
18,169
Reaction score
216
Points
63
Salvatos said:
I'm not a php pro yet so maybe my question will be dumb, but if it can help...

Why is there a dot before the "="?
Code: 
$sql .= "asc";
Though this part looks even weirder to me ("mysqli"):
Code: 
$result = mysqli_query($cxn,$sql) or die("SQL failed");
$num = 1;
while ($row = mysqli_fetch_array($result))
As I said maybe they're okay and I just don't know, then excuse my interruption ;)
Click to expand...

Dunno about the .= either but mysqli's basically the same as mysql. Theres some differences in how it actually runs on the other side of the code, but it seems to be used the same ways (so it's valid) :)

Hopefully someone with more knowledge than me can see whats really causing the issue, just wanted to get it in there that mysqli's ok.
 
W

woiwky

New Member
Messages
390
Reaction score
0
Points
0
The .= is just like += or -= but for concatenation. That is, $sql .= "asc"; is the same as $sql = $sql . "asc";.

Anyway, I believe your problem with this is that you have no condition to handle descending order, only one for ascending. And you don't need even a condition for ascending since that's the default order anyway. Try changing your html to this:

HTML: 
In:
<select name="o">
<option value="asc">Ascending</option>
<option value="desc">Descending</option>
</select>

and your php to this:

PHP: 
if(isset($_GET['ob']) && isset($_GET['o']) && (($_GET['o'] == "asc") || ($_GET['o'] == "desc")) && (($_GET['ob'] == "name") || ($_GET['ob'] == "added") || ($_GET['ob'] == "date")))
{
$sql = "SELECT * FROM `Links_links` ORDER BY `{$_GET['ob']}` {$_GET['o']}";
}else{
$sql = "SELECT * FROM `Links_links` ORDER BY `Name` ASC";
}
$result = mysqli_query($cxn,$sql) or die("SQL failed");
$num = 1;
while ($row = mysqli_fetch_array($result))
{
extract($row);
echo "<a href=\"$Link\"><b>$Name</b></a><br /><p>$Description</p><p style=\"font-size:7pt\">Added by $added at $Date</p><br />";
$num++;
}
 
Last edited:
S

sybregunne

Member
Messages
54
Reaction score
0
Points
6
PHP: 
if(isset($_GET['ob']) && isset($_GET['o']) && (($_GET['o']=="asc") || ($_GET['o'] == "d")) && (($_GET['ob'] == "name") || ($_GET['ob'] == "added") || ($_GET['ob'] == "date")))
{
  $sql = "SELECT * FROM `Links_links` ORDER BY `Links_links`.`" .$_GET['ob'] . "` ";
  if($_GET['o'] == "asc")
  {
    $sql .= "asc";
  } 
  elseif ($_GET['o'] == "d")
  {
    $sql .= "desc";
  }
}
else
{ 
  echo "ERROR";
  $sql = "SELECT * FROM `Links_links` ORDER BY `Name` ASC";
}
$result = mysqli_query($cxn,$sql) or die("SQL failed");
$num = 1;
while ($row = mysqli_fetch_array($result))
{
  extract($row);
  echo "
    <a href=\"$Link\">
      <b>$Name</b>
    </a><br />
    <p>$Description</p>
    <p style=\"font-size:7pt\">
      Added by $added at $Date</p><br />";
    $num++;
}
Try this code if it changes anything maybe it will work if you
ORDER BY `Links_links`.`name` asc
if not I also cannot see what is wrong unless your php version does not allow mysqli/mysql functions.
 
Last edited:
P

phpasks

New Member
Messages
145
Reaction score
0
Points
0
PHP: 
<?php
if(isset($_GET['ob']) && isset($_GET['o']) && (($_GET['o']=="asc") || ($_GET['o'] == "d")) && (($_GET['ob'] == "name") || ($_GET['ob'] == "added") || ($_GET['ob'] == "date")))
{
  $sql = "SELECT * FROM `Links_links` ORDER BY `Links_links`.`" .$_GET['ob'] . "` ";
  if($_GET['o'] == "asc")
  {
    $sql .= "asc";
  } 
  elseif ($_GET['o'] == "d")
  {
    $sql .= "desc";
  }
}
else
{ 
  echo "ERROR";
  $sql = "SELECT * FROM `Links_links` ORDER BY `Name` ASC";
}
$result = mysqli_query($cxn,$sql) or die("SQL failed");
$num = 1;
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
{
  extract($row);
  echo "
    <a href=\"$Link\">
      <b>$Name</b>
    </a><br />
    <p>$Description</p>
    <p style=\"font-size:7pt\">
      Added by $added at $Date</p><br />";
    $num++;
}
?>
 
You must log in or register to reply here.
Top