The implementation changes are rather small. First, an intuitive graphical visualization of the order request like up and down arrows must be added. Next, a link with a parameter for sorting and a value for the corresponding name of the column to be sorted and the sort direction must be attached to the arrows. Be aware to URL-encode your sort string to prevent problems! The following code snippet visualizes the resulting HTML. The parameter is
sort and the sortable column is named
value. The ordering is represented by
Additionally, logic to process the user’s ordering input must be implemented. It checks if the user requested a custom ordering and only applies valid order statements as will be explained after this code snippet.
Validity checks of order statements also need to address and prevent possible SQL injections, ensured by checking each order parameter.
Moreover, information displayed can be either stored in another table or does not exist in a single column, so that it needs to be enhanced through e.g.
order_params.gsub('value', 'labels.value'). The following code snipped visualizes such cases. Multiple order statements can be connected with commas and need to be checked separately. Each statement then needs to be composed of two parts to be valid: The first states the name of the column and the second the order. Lastly, it is ensured that the table column to be sorted exists and the valid statements are rejoined.