current community

your communities

more stack exchange communities

Stack Exchange
tour help
stack overflow careers
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 1 down vote favorite

I am a little green with PHP and I have a small problem I am hoping to get some help with. I am using the following query in a file and I want to add a sort order at the end. I am not sure how to escape the last part of the query to get the query to accept the sort order.

$queryPro = "select * from pages WHERE MenuType='S' AND Activate='Y' AND SiteID='4000' AND SubMenuOf=".$rowCat["PageNumber"];

What I would like to use is 

$queryPro = "select * from pages WHERE MenuType='S' AND Activate='Y' AND SiteID='4000' AND SubMenuOf=".$rowCat["PageNumber"] Order By SortOrder ASC;

But this produces an error.

Any help will be greatly appreciated.

Thanks JW

share|improve this question

1 Answer 1

up vote 2 down vote accepted

you did not include the ORDER BY... in the string causing syntax error,

$queryPro = "select...AND SubMenuOf=".$rowCat["PageNumber"] . " Order By SortOrder ASC";

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

share|improve this answer
    
Thank you for the help and the link. I will try to implement these changes. –  user2443813 Jun 1 '13 at 18:53

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.