Why can't I ORDER BY name in this query?

Question

In my PHP function to populate the categories in my database, I have the following query:

$query = 'SELECT cat_id FROM cat WHERE name="'.$_GET['cat'].'"';

Why can I not sort by name when I do the following:

$query = 'SELECT cat_id FROM cat WHERE name="'.$_GET['cat'].'" ORDER BY name';

I do not get an error, but the sorting stays the same on the page, items are not sorted by name as I want them to be. My text editor doesn't highlight ORDER BY as an operation like it does with SELECT, FROM, WHERE

Full function:

function populate_category()
{
  global $link;

  $query = 'SELECT cat_id FROM cat WHERE name="'.$_GET['cat'].'"';
  $result = mysqli_query($link, $query);
  $cat_id = mysqli_fetch_row($result)[0];
  $nbprod = mysqli_query($link, 'SELECT COUNT(*) FROM item_cat WHERE cat_id="'.$cat_id.'"');

  $query =  'SELECT item.* FROM item JOIN item_cat ON item.item_id=item_cat.item_id JOIN cat ON item_cat.cat_id=cat.cat_id WHERE cat.name = "'.$_GET['cat'].'" ORDER BY item.name';
  $result = mysqli_query($link, $query);

  echo "<span style='display: inline; font-size: 24px; font-weight: bold;'>&quot;{$_GET['cat']}&quot; Journals</span>&nbsp&nbsp&nbsp";
  echo '<span style="color: gray; font-size: 14px; font-weight: 500;">'.mysqli_fetch_row($nbprod)[0].' RESULTS FOUND</span><br><hr>';

  while ($cat = mysqli_fetch_row($result))
    echo '
    <div class="itemlist">
        <span><h3 style="display:inline;">'.$cat[1].'</h3><h6 style="display:inline; margin-left: 1%;"><a href="#"><u>View Media Kit</u></a></h6></span>
        <div class="col-lg-12" style="background-color: white;"><br>
            <div class="row">
              <div class="col-lg-2" style="margin-right: 2%;">
              <a href="#" class="thumbnail"><img src="https://via.placeholder.com/160x210"></a>
              </div>
            </div><br>
            </div>
      </div>
      <hr>
    ';
}

Can you explain what do you mean by "can't do the following"? Do you get some error on that? What is the error? — Dekel, Apr 11 '20 at 00:14
If you're only selecting values with a given value of `name`, trying to order by `name` doesn't make any sense as they will all have the same value. — Nick, Apr 11 '20 at 00:15
What exactly are you trying to sort? There's not enough information in your question. — Nick, Apr 11 '20 at 00:19
But you're only selecting one value, `cat_id`. Is there more data that you are grabbing elsewhere which is what you actually want sorted? — Nick, Apr 11 '20 at 00:50
It would seem what you want to do is `ORDER BY item.name` in the second query (or whatever the column name is for the item name). Note that you don't need the first query, you can just use `WHERE cat.name = \''.$_GET['cat'].'\''` in the second. BUT... you should use a prepared query to avoid injection, see https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 — Nick, Apr 11 '20 at 01:02

Nick · Accepted Answer · 2020-04-11T03:58:50.693

3

You don't need your first query; you can integrate it into the second one by changing your WHERE clause to be on cat.name instead of cat.cat_id. Note you should use a prepared query to avoid SQL injection issues. This code should work:

$query = 'SELECT item.*
          FROM item
          JOIN item_cat ON item.item_id=item_cat.item_id
          JOIN cat ON item_cat.cat_id=cat.cat_id
          WHERE cat.name = ?
          ORDER BY item.name';
$stmt = $link->prepare($query);
$stmt->bind_param('s', $_GET['cat']);
if (!$stmt->execute()) {
    echo "Error: " . $stmt->error;
    exit;
}
$result = $stmt->get_result();
// number of products
$num_prods = $result->num_rows;
while ($cat = $result->fetch_row()) {
    // rest of your code here

Note that you shouldn't need a separate query to fetch the number of products, you can simply use $stmt->num_rows after you have called get_result(). I've included that in the code above.

edited Apr 11 '20 at 03:58

answered Apr 11 '20 at 02:07

Nick

138,499
22
57
95

Thanks for taking some time to help out. It is very much appreciated. I have updated my question to include my updated function. I tried using the code you provided and I think I'm messing up somewhere trying to incorporate it. For some reason now it is not showing any data on my page. – bicycle4431 Apr 11 '20 at 02:23
Im getting no output at all, where the products would be listed its blank and the rest of the page is fine. The column is name, yes. Included my original function and the attempt to convert it to a prepared one like you showed. – bicycle4431 Apr 11 '20 at 02:36
1

Can you check what you get if you `echo $num_prods;`? Also `var_dump($result);` after the call to `get_result()` – Nick Apr 11 '20 at 02:45
After adding the var_dump($result); and echoing $num_prods; I get `object(mysqli_result)#4 (5) { ["current_field"]=> int(0) ["field_count"]=> int(8) ["lengths"]=> NULL ["num_rows"]=> int(0) ["type"]=> int(0) }` – bicycle4431 Apr 11 '20 at 03:01
1

Sorry! - I just noticed I accidentally put in `$_GET['name']` instead of `$_GET['cat']` in the `bind_param`. That should fix it hopefully... – Nick Apr 11 '20 at 03:36
Yes that fixed it! However, when I `echo $num_prods;` it prints the number zero – bicycle4431 Apr 11 '20 at 03:56
1

One last typo... it should be `$num_prods = $result->num_rows;` – Nick Apr 11 '20 at 03:59
You've been more than helpful! Appreciate it greatly! – bicycle4431 Apr 11 '20 at 04:02
1

@bicycle4431 no worries - sorry about the typos that slowed the process, but I'm glad we got there in the end. – Nick Apr 11 '20 at 04:04

Why can't I ORDER BY name in this query?

1 Answers1