This code doesn't work when add order by with where.
$sel = "SELECT * FROM items ORDER BY 'item_no' WHERE mainitem_id=".$_GET['cate_id'] ;
Use ORDER BY at the END of your Query:
$sel = "SELECT * FROM items WHERE mainitem_id='".addslashes($_GET['cate_id'])."' ORDER BY item_no;
$sel = "SELECT * FROM items
WHERE mainitem_id='".$_GET['cate_id']."'
ORDER BY item_no";
But note that your code is vurnerable to SQL injections. Please fix that problem too. See here
Use:
$sel = "SELECT * FROM items WHERE mainitem_id=".mysqli_real_escape_string($conn, $_GET['cate_id'])."ORDER BY 'item_no'" ;
mysqli_real_escape_string() will protect you from sql injection.
Get variables are more prone to sql injections.So do check http://php.net/manual/en/security.database.sql-injection.php
$cate_id = mysql_real_escape_string($_GET['cate_id']); //or any proper similar function (mysqli recommended)
$sel = "SELECT * FROM items WHERE mainitem_id='$cate_id' ORDER BY 'item_no'";