Building a Sorting Query

Written by Eric Smith, Northstar Computer Systems LLC

In many of my tables, I provide the option to sort by a column, as is used in the ASP Techniques Tip Archive. To make this work, I build a SQL statement that adds on a sort field based on the column selected, as shown here:
strSQL = "SELECT * FROM tblTips ORDER BY " & strSortField
Because the sort field is a column name rather than a data value, it doesn't need single quotes around it. You do need to be careful with this type of code, especially if the value for strSortField is coming from a URL. Be sure to clean the value to prevent potential SQL injection attacks by looking for single quotes and for the dash-dash sequence (--), which starts a SQL comment and can allow the rest of a statement to be ignored.
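The following is an added example, not code from the original tip. It goes a step beyond checking for single quotes and dash-dash: the value from the URL is only used to look up a column name in a fixed list, so no request text is ever concatenated into the statement. The column names and the "sort" and "dir" query-string keys are hypothetical, and the code is meant to sit inside an ASP page's script block.

```vbscript
' Added example. The column names (TipID, Title, PublishDate) and the
' query-string keys "sort" and "dir" are hypothetical; the tip does not
' list the columns of tblTips.
Function GetSortClause(strRequestedField, strRequestedDir)
    Dim dictColumns, strKey, strColumn, strDir

    ' Map the values accepted from the URL to real column names.
    Set dictColumns = CreateObject("Scripting.Dictionary")
    dictColumns.CompareMode = vbTextCompare   ' match keys case-insensitively
    dictColumns.Add "id", "TipID"
    dictColumns.Add "title", "Title"
    dictColumns.Add "date", "PublishDate"

    ' & "" turns Empty or Null into a zero-length string.
    strKey = Trim(strRequestedField & "")
    If dictColumns.Exists(strKey) Then
        strColumn = dictColumns(strKey)
    Else
        ' Anything else, including input containing ' or --, gets the default.
        strColumn = "TipID"
    End If

    ' Only two directions are possible; the input itself is never copied.
    If LCase(Trim(strRequestedDir & "")) = "desc" Then
        strDir = "DESC"
    Else
        strDir = "ASC"
    End If

    GetSortClause = strColumn & " " & strDir
    Set dictColumns = Nothing
End Function

Dim strSQL
strSQL = "SELECT * FROM tblTips ORDER BY " & _
         GetSortClause(Request.QueryString("sort"), Request.QueryString("dir"))
```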

Keywords: [ ASP Security ]

Publication Date: 7/14/2000, Last Update: 2/25/2010