Mysql php multiple select ,sorting

Question

hello i am a noob and i am trying to solve this for hours.I try my url to look like this when i select an option.

category.php?cat_id=122&sort=BOOK_ID+ASC

I am trying with this code

<form name=\"myform\" \">
<select name=\"sort\" id=\"sort\" style=\"float: right;\" onChange=\"document.myform.submit();\">
    <option value=\"car_ID desc&cat_id=$_GET[cat_id]\">cars desc</option>
    <option value=\"car_ID ASC&cat_id=$_GET[cat_id]\">cars asc</option>
</select>
</form><p>";
    $sort="$_GET[sort]";
     $stm = "SELECT *
           FROM cars
           where cat_id=$_GET[cat_id]
            ORDER BY $sort";

but the result is this: category.php?sort=car_id+ASC%26cat_id%3D122

Please help...

Answer 1

I would do the following:

<form name=\"myform\" \">
<input type=\"hidden\" name=\"cat_id\" value=\"$_GET['cat_id']\">
<select name=\"sort\" id=\"sort\" style=\"float: right;\" onChange=\"document.myform.submit();\">

    <option value=\"car_ID desc\">cars desc</option>
    <option value=\"car_ID ASC\">cars asc</option>
</select>
</form><p>";
    $sort="$_GET[sort]";
     $stm = "SELECT *
           FROM cars
           where cat_id=$_GET[cat_id]
            ORDER BY $sort";

A couple of notes here. First, this isn't secure AT ALL. I could easily put ";DROP TABLE..." or something else in the get variable. Second, you probably don't want to be using GET at all. I would handle all form input with POST instead.

Answer 2

Your problem is here:

<option value=\"car_ID desc&cat_id=$_GET[cat_id]\">cars desc</option>

You probably want:

<option value=\"cat_id=$_GET[cat_id]&car_ID desc\">cars desc</option>

That said, I'm not sure where your variable car_ID is coming from, and the space between car_ID and 'desc' will cause a problem with your url.