I am trying to Order an SQL select query depending on what the user selects from a drop down list. Here is the code of the list
<select name="order">
<option value="Patients_name">Name</option>
<option value="Patients_age">Age</option>
<option value="Patients_address">Address</option>
</select>
$ord=$_POST['order'];#taking the value from the list
$query="Select * from Patients ORDER BY '$ord'";
$result= mysql_query($query);
If i replace
$query="Select * from Patients ORDER BY '$ord'";
by $query="Select * from Patients ORDER BY Patients_age";
Patients_name,Patients_address
It perfectly works though printing $ord would give me the correct value. Any idea why it is not taking the value of $ord
ORDER BY expects a column name. By putting it in quotes, you're making it a string. Remove the single quotes around $ord.
By the way, what you're doing is incredibly dangerous and open to SQL injection. You should verify the column submitted is in fact a column and allowed.
Dont put $org within ''.
$query = "Select * from Patients ORDER BY $ord";