Improved answer based on extra info
melvin

Addition after more information

Depending on your expected functionality you can do 2 things.

  1. If there is a default sorting order you should set that when price is empty

    $sorts = array('prioritetas', 'kaina ASC', 'kaina DESC');
    // Fall back to the default order unless the posted value is on the whitelist
    if (!isset($_POST['price']) || !in_array($_POST['price'], $sorts, true)) {
        $sort = 'kaina ASC';
    } else {
        $sort = $_POST['price'];
    }

  2. OR if there is no default sort only add the sort to the query when price is not empty

    $sorts = array('prioritetas', 'kaina ASC', 'kaina DESC');
    $query = "SELECT * FROM telefonai";
    // Only add ORDER BY when the posted value is on the whitelist
    if (isset($_POST['price']) && in_array($_POST['price'], $sorts, true)) {
        $query .= " ORDER BY " . $_POST['price'];
    }
    $query .= " LIMIT $startrow, 5";

I added an example of the whitelisting for you as well.

melvin

I will try to formulate it as an answer because I need to add the code.

Btw, for this answer I assume your only problem is the SQL error you have in your screenshot. The place where you put your print for the MySQL error would never be reached, btw, because you have a MySQL error and die() stops everything.

I think that the first answer is correct and you have to use $sort instead of $price. But if that does not work, the code below should show you how to add extra debugging.

On a side note, really use prepared statements or add some checking on sort (a whitelist or something).

This is the complete code (without validation) with some test code commented out. If it does not work after that, you should uncomment the test code, run it again and show the output. If things do work, you can remove the commented lines I added.

  <h3>Mobilieji Telefonai</h3>
    <form method="post" action="">
     <select name="price">
    <option value="prioritetas">Atsitiktinis</option>
        <option value="kaina DESC">Kaina nuo mažiausios</option>
        <option value="kaina ASC">Kaina nuo didžiausios</option>
    </select>
    <input type="submit" name="orderPrice" value="orderPrice" />

 </form>
  </div>
  <?php


  if (!isset($_GET['startrow']) or !is_numeric($_GET['startrow'])) {
    $startrow = 0;
  } else {
    $startrow = (int)$_GET['startrow'];
  }
   $sort = @$_POST['price']; 

$query = "SELECT * FROM telefonai order by " . $sort . " LIMIT $startrow, 5";
//$query2 = "SELECT * FROM telefonai order by ". $price . " LIMIT $startrow, 5";
print $query;
//print $query2;

$fetch = mysql_query($query)or die(mysql_error());

$num=Mysql_num_rows($fetch);
    if($num>0)
    {
    echo "<table border=2  >";
    echo "<tr><td>Telefono pavadinimas</td><td>Nuotrauka</td><td>Kaina</td>     <td>Parduotuve</td><td>Nuoroda</td></tr>";
    for($i=0;$i<$num;$i++)
    {
    $row=mysql_fetch_row($fetch);
    echo "<tr>";
    echo"<td>$row[1]</td>";
    echo "<td>   <img src=\"{$row[5]}\"  width=75  height=75/>    </td>";
    echo"<td>$row[2] LT</td>";
    echo"<td>$row[3]</td>";
    echo "<td><a href=\"{$row[4]}\"><img  src=\"".base_url()."images/parduotuve.png\" /></a></td>";
    echo"</tr>";
    }
    echo"</table>";
    }
  echo '<a href="'.base_url().$this->uri->segment(1)."/".'?startrow='.     ($startrow+5).'">Sekantis</a>';
 $prev = $startrow - 5;
 if ($prev >= 0)
    echo '<a href="'.base_url().$this->uri->segment(1)."/".'?startrow='.$prev.'">    Buves</a>';
  ?>
  </form>
  </body>
  </html>
  <br>
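
The whitelist and the prepared-statement side note from the answer, combined in one runnable sketch. This is an added example, not the answerer's code: it assumes PDO with an in-memory SQLite table in place of the page's `mysql_*` calls, and the `pavadinimas` column, the sample rows and the helper names `orderByFor` and `fetchPage` are constructed for illustration.

```php
<?php
// Added example. Assumptions: PDO with an in-memory SQLite database stands in
// for MySQL; the column pavadinimas and the three rows are constructed.

// Returns the ORDER BY fragment for a submitted value, or null when the value
// is missing or not whitelisted. The fragment is taken from the map, so the
// submitted string itself is never concatenated into the SQL text.
function orderByFor($submitted): ?string
{
    $sorts = [
        'prioritetas' => 'prioritetas',
        'kaina ASC'   => 'kaina ASC',
        'kaina DESC'  => 'kaina DESC',
    ];
    // is_string() rejects array input such as price[]=x before the lookup.
    return is_string($submitted) ? ($sorts[$submitted] ?? null) : null;
}

function fetchPage(PDO $db, $submittedSort, $submittedStart): array
{
    // Same rule as the page's startrow check, plus a lower bound of 0.
    $start = (is_numeric($submittedStart) && (int)$submittedStart >= 0)
        ? (int)$submittedStart : 0;

    $sql = 'SELECT pavadinimas, kaina FROM telefonai';
    $orderBy = orderByFor($submittedSort);
    if ($orderBy !== null) {
        $sql .= ' ORDER BY ' . $orderBy;   // option 2: no sort unless whitelisted
    }
    $sql .= ' LIMIT 5 OFFSET :start';      // values can be bound, identifiers cannot

    $stmt = $db->prepare($sql);
    $stmt->bindValue(':start', $start, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE telefonai (pavadinimas TEXT, kaina REAL, prioritetas INTEGER)');
$db->exec("INSERT INTO telefonai VALUES ('A', 300, 2), ('B', 100, 3), ('C', 200, 1)");

// Constructed inputs: whitelisted, not whitelisted, array instead of string.
foreach (['kaina ASC', 'pavadinimas DESC', ['kaina ASC']] as $input) {
    $names = array_column(fetchPage($db, $input, '0'), 'pavadinimas');
    echo json_encode($input), ' => ', implode(',', $names), PHP_EOL;
}
```

Placeholders cannot stand in for column names or sort direction, which is why the ORDER BY part relies on the whitelist while only the offset is bound.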