ORDER BY and WHERE mysql and php

Question

This code doesn't work when add order by with where.

$sel = "SELECT * FROM items ORDER BY 'item_no' WHERE mainitem_id=".$_GET['cate_id'] ;

score 2 · Answer 1 · edited May 23 '17 at 12:05

2

$sel = "SELECT * FROM items 
        WHERE mainitem_id='".$_GET['cate_id']."' 
        ORDER BY item_no";

But note that your code is vurnerable to SQL injections. Please fix that problem too. See here

edited May 23 '17 at 12:05

Community

1
1

answered Aug 24 '13 at 18:15

juergen d

201,996
37
293
362

score 1 · Accepted Answer · answered Aug 24 '13 at 18:16

1

Use ORDER BY at the END of your Query:

$sel = "SELECT * FROM items WHERE mainitem_id='".addslashes($_GET['cate_id'])."' ORDER BY item_no;

answered Aug 24 '13 at 18:16

Lkopo

4,798
8
35
60

score 0 · Answer 3 · answered Aug 24 '13 at 18:19

Use:

$sel = "SELECT * FROM items WHERE mainitem_id=".mysqli_real_escape_string($conn, $_GET['cate_id'])."ORDER BY 'item_no'" ;

mysqli_real_escape_string() will protect you from sql injection.

Get variables are more prone to sql injections.So do check http://php.net/manual/en/security.database.sql-injection.php

score 0 · Answer 4 · answered Aug 24 '13 at 18:20

0

$cate_id = mysql_real_escape_string($_GET['cate_id']); //or any proper similar function (mysqli recommended)
$sel = "SELECT * FROM items WHERE mainitem_id='$cate_id' ORDER BY 'item_no'";

answered Aug 24 '13 at 18:20

Javid

2,755
2
33
60

ORDER BY and WHERE mysql and php

4 Answers4