0

With my code I can sort all columns individually but I do have an issue with data not being sorted alphabetically / chronologically apart from the 1st column. Please see below what is displayed and then what I need to see.

What is currently displayed (Payment type and Date not sorted):

| Account | Payment type |    Date    | Amount |
|:--------|:------------:|:----------:|-------:|
| A001    | Rent         | 2021-06-01 | 150.00 |
| A001    | Deposit      | 2021-04-15 | 200.00 |
| A001    | Rent         | 2021-05-02 | 150.00 |
| A002    | Deposit      | 2021-06-20 | 220.00 |
| A003    | Rent         | 2021-06-02 | 250.00 |
| A003    | Deposit      | 2021-05-25 | 300.00 |

What I want to get displayed:

| Account | Payment type |    Date    | Amount |
|:--------|:------------:|:----------:|-------:|
| A001    | Deposit      | 2021-04-15 | 200.00 |
| A001    | Rent         | 2021-05-02 | 150.00 |
| A001    | Rent         | 2021-06-01 | 150.00 |
| A002    | Deposit      | 2021-06-20 | 220.00 |
| A003    | Deposit      | 2021-05-25 | 300.00 |
| A003    | Rent         | 2021-06-02 | 250.00 |

So in short, I want to sort and display data firstly by the Account column (which displays correctly) and then by the Date column.

My code currently (and yes, I know it's open to SQL injection and I am working on that ;-) ):

    $orderBy = !empty($_GET["orderby"]) ? $_GET["orderby"] : "contracts_account_nr";
    $order = !empty($_GET["order"]) ? $_GET["order"] : "asc";
    $sql = "SELECT contract.contracts_account_nr, payment.rental_payment_type, payment.rental_payment_amount, payment.rental_payment_date FROM contracts contract RIGHT JOIN rental_payments payment ON contract.contracts_id = payment.contracts_id ORDER BY " . $orderBy . " " . $order;
    $result = mysqli_query($con, $sql);
    $contractOrder = "asc";
    $typeOrder = "asc";
    $dateOrder = "asc";
    if ($orderBy == "contract.contracts_account_nr" && $order == "asc") {
        $contractOrder = "desc";
    }
    if ($orderBy == "payment.rental_payment_type" && $order == "asc") {
        $typeOrder = "desc";
    }
    if ($orderBy == "payment.rental_payment_date" && $order == "asc") {
        $dateOrder = "desc";
    }

Your help will be much appreciated!

2 Answers

2

The ORDER BY clause of a prepared statement can't be bound by placeholders. That is, the ORDER BY clause needs to be fixed. So, just do that:

    SELECT *
    FROM ...
    ORDER BY Account, Date;

If you want to allow your users the possibility of choosing how to sort, then I suggest choosing one or more statements with hard-coded ORDER BY clauses, based on the inputs into your PHP script.
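One way to apply the hard-coded ORDER BY approach described in the answer above, as an added example that is not part of the original posts. The column names are taken from the query in the question; the short request keys (`account`, `type`, `date`) and the function name `buildOrderBy` are assumptions made for illustration.

```php
<?php
// Added example: request values select from a fixed map of ORDER BY terms.
// The raw request value is never concatenated into the SQL string.

// Assumed public sort keys mapped to the columns used in the question's query.
const SORT_COLUMNS = [
    'account' => 'contract.contracts_account_nr',
    'type'    => 'payment.rental_payment_type',
    'date'    => 'payment.rental_payment_date',
];

function buildOrderBy($orderBy, $order): string
{
    // Anything that is not a known key (missing, array, unknown text) falls back to the default.
    $key = (is_string($orderBy) && array_key_exists($orderBy, SORT_COLUMNS)) ? $orderBy : 'account';
    // The direction is reduced to one of two literals.
    $dir = (is_string($order) && strtolower($order) === 'desc') ? 'DESC' : 'ASC';

    $terms = [SORT_COLUMNS[$key] . ' ' . $dir];
    // Tie-breakers: rows that compare equal on the chosen column are still
    // ordered by account and then by date, which is the layout the question asks for.
    foreach (['account', 'date'] as $tieBreaker) {
        if ($tieBreaker !== $key) {
            $terms[] = SORT_COLUMNS[$tieBreaker] . ' ASC';
        }
    }
    return ' ORDER BY ' . implode(', ', $terms);
}

// The statement text is fixed apart from the allowlisted ORDER BY fragment.
$baseSql = 'SELECT contract.contracts_account_nr, payment.rental_payment_type, '
         . 'payment.rental_payment_amount, payment.rental_payment_date '
         . 'FROM contracts contract '
         . 'RIGHT JOIN rental_payments payment ON contract.contracts_id = payment.contracts_id';

// Constructed sample inputs standing in for $_GET["orderby"] and $_GET["order"].
$samples = [[null, null], ['date', 'desc'], ['unknown_column', 'sideways'], [['x'], 'DESC']];
foreach ($samples as [$by, $dir]) {
    echo $baseSql . buildOrderBy($by, $dir), PHP_EOL;
}
```

In the page's own script the last argument pair would be `$_GET["orderby"] ?? null` and `$_GET["order"] ?? null`, and the resulting string would be passed to `mysqli_query()` as before.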


0

Be careful with this code, as you have a security issue: SQL injection (SQL injection on php.net).

`$order` and `$orderBy` are both retrieved with the GET method. You should at least protect them with `mysqli_real_escape_string`.

1 Comment

You can also create a PDO object and use `$pdo->prepare()`. By using prepared statements you are protected against SQL injections. The query isn't parsed in the same way as concatenation.
