-1

I'm using $_GET[] to get a unique id number from the URL and then displaying every row that matches that unique id. This displays all the rows, but now I'm stuck on how to correctly order it by another column name, as it won't allow me to use ORDER BY once I have used the $_GET[]. My query code is as follows:

    $query = 'SELECT * FROM magazine WHERE issue_number = ' . $_GET['unique_issue_id'];

I now want to order it by the issue_number column.

Thanks in advance

    **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Oct 03 '17 at 15:43

2 Answers

0
    $query = 'SELECT * FROM magazine WHERE issue_number = ' . $_GET['unique_issue_id'] . ' ORDER BY issue_number';

Just remember to escape your GET parameter before using it, but this should work. Not sure what SQL you are using, but here are a few ideas to consider.

Prepared Statements

MySql Escape

Mysqli Escape

rbaskam
    **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Oct 03 '17 at 15:42
  • Thank you very much, I will now be able to sleep easy tonight. Again Thank you... – Steven Lafferty Oct 03 '17 at 15:54
0

Use the mysqli_prepare function to keep yourself safe from potential SQL Injection.

    // Connect to the database (credentials are placeholders)
    $mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name');

    // Prepare the query: the ? placeholder keeps the request value out of the SQL text
    $stmt = $mysqli->prepare("SELECT * FROM magazine WHERE issue_number = ? ORDER BY issue_number");
    $stmt->bind_param("s", $_GET['unique_issue_id']);

    // Execute the query
    $stmt->execute();

    // Loop through the results
    $result = $stmt->get_result();
    while ($myrow = $result->fetch_assoc()) {
        // Do stuff here
    }

Not doing so leaves your application vulnerable. Good luck!

Alexander Edwards
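The prepared-statement approach from this answer, extended with integer validation of the id and an allowlist for the sort column, since ORDER BY cannot take a bound parameter (an added example, not code from either answer; the `sort` request parameter, the `title` and `published_on` columns and the connection credentials are assumptions):

```php
<?php
// Added example for this thread, not the answer's own code. Assumes a
// `magazine` table with issue_number, title and published_on columns.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Columns a caller may sort by. A bound parameter can only stand in for a
// value, never an identifier, so a user-chosen sort column must be matched
// against a fixed list rather than interpolated from the request.
const SORTABLE_COLUMNS = ['issue_number', 'title', 'published_on'];

function fetchIssue(mysqli $db, string $rawId, string $sortBy = 'issue_number'): array
{
    // Reject anything that is not a plain non-negative integer before it gets
    // near the database, and bind it as "i" so the driver sends an integer.
    if (!ctype_digit($rawId)) {
        throw new InvalidArgumentException('unique_issue_id must be an integer');
    }
    $issueId = (int) $rawId;

    // Unknown sort columns fall back to the default instead of reaching the SQL.
    if (!in_array($sortBy, SORTABLE_COLUMNS, true)) {
        $sortBy = 'issue_number';
    }

    // The id travels separately from the SQL text, so quotes or keywords in the
    // request value cannot change what the statement does.
    $sql = "SELECT * FROM magazine WHERE issue_number = ? ORDER BY `$sortBy`";
    $stmt = $db->prepare($sql);
    $stmt->bind_param('i', $issueId);
    $stmt->execute();

    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Usage with request input (connection credentials are placeholders).
$db = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
$rows = fetchIssue($db, $_GET['unique_issue_id'] ?? '', $_GET['sort'] ?? 'issue_number');
foreach ($rows as $row) {
    // Escape on output as well; a safe query does not make the HTML safe.
    echo htmlspecialchars($row['title'] ?? '', ENT_QUOTES, 'UTF-8'), "\n";
}
```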