function theme_table_header_sortable_order_by

6.x theme_table_header_sortable_order_by($headers)

Used with the theme_table_header_sortable function (meant to be called AFTER headers have been created.)

The main thing we want to do is confirm that what we are getting from GET is a valid fieldname in the headers array, to prevent SQL injection.

7 calls to theme_table_header_sortable_order_by()
admin_display_watchdog in modules/admin/admin.module
alerts_advisees_alerts_form in modules/alerts/alerts.module
Displays alerts for our various advisees.
alerts_display_advisee_activities_page in modules/alerts/alerts.module
Display all advisee activities since the beginning of time, thanks to pager query.
content_display_content_admin_list in modules/content/content.module
Display a list of content for the administrator
content_public_files_form in modules/content/content.module
This screen lets the user upload/manage/delete "public files" stored at custom/files/content_uploads/public_uploads/

... See full list


includes/, line 132


function theme_table_header_sortable_order_by($headers) {

  $rtn = "";

  $fsort = @$_GET ['fsort'];
  $fsortdir = @$_GET ['fsortdir'];

  if (!$fsort) {
    return '';

  if ($fsort) {
    // Confirm that this field is in the headers array.
    $bool_found_it = FALSE;
    foreach ($headers as $header) {
      if (isset($header ['field']) && $header ['field'] == $fsort) {
        $bool_found_it = TRUE;
    if (!$bool_found_it) {
      return ""; // couldn't find it!

  if ($fsortdir != "" && $fsortdir != 'ASC' && $fsortdir != 'DESC') {
    $fsortdir = '';


  return "ORDER BY $fsort $fsortdir";