From 0b5d94dba86b85cacce42b226fdc85b05083b1d0 Mon Sep 17 00:00:00 2001
From: Jacob Andersen
Date: Thu, 3 Nov 2022 22:28:34 -0700
Subject: [PATCH] Fixup and test PR. Working as expected.

---
 src/support/Database.php | 8 +++++---
 src/util/RequestUtil.php | 9 ++++++---
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/support/Database.php b/src/support/Database.php
index a01e288..e6990da 100644
--- a/src/support/Database.php
+++ b/src/support/Database.php
@@ -137,13 +137,15 @@ public function getResourceUpdates($resource_id, $page, $sorting = null) {
 $page = $page == 1 ? 0 : 10 * ($page - 1);
 // Default sorting option for this method.
- if($sorting == null) $sorting = 'asc';
+ if (is_null($sorting)) $sorting = 'asc';
 if (!is_null($this->conn)) {
- $updatesStmt = $this->conn->prepare($this->_resource_update('AND r.resource_id = :resource_id ORDER BY id :order LIMIT 10 OFFSET :offset'));
+ // PDO tries to quote the sorting method. Can't bind it normally. Should be OK, sorting is enforced to be 'asc' or 'desc'.
+ $querySuffix = sprintf("AND r.resource_id = :resource_id ORDER BY r.resource_update_id %s LIMIT 10 OFFSET :offset", $sorting);
+
+ $updatesStmt = $this->conn->prepare($this->_resource_update($querySuffix));
 $updatesStmt->bindParam(':resource_id', $resource_id);
 $updatesStmt->bindParam(':offset', $page, \PDO::PARAM_INT);
- $updatesStmt->bindParam(':order', $sorting, \PDO::PARAM_STR);
 if ($updatesStmt->execute()) {
 return $updatesStmt->fetchAll();
diff --git a/src/util/RequestUtil.php b/src/util/RequestUtil.php
index f3081c4..1abed7f 100644
--- a/src/util/RequestUtil.php
+++ b/src/util/RequestUtil.php
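Review bot: `$sorting` is spliced into the ORDER BY clause at the `sprintf` line on the strength of a comment, but `getResourceUpdates` itself never checks it — it is a public method with a free `$sorting` parameter, and the `'asc'`/`'desc'` restriction the comment refers to lives in `RequestUtil::sorting()`, in another file. Any other caller, or a later change to RequestUtil, turns this line into an SQL injection point, so the whitelist belongs here where the value meets the query. Replace the `is_null` default with `$sorting = strtolower((string) $sorting) === 'desc' ? 'DESC' : 'ASC';` (or throw `\InvalidArgumentException` on anything else), and reword the comment to state the invariant rather than "Should be OK": `// ORDER BY direction cannot be a bound parameter; $sorting is reduced to ASC/DESC above before interpolation.` The method's signature is visible only in the hunk header and its body continues past the hunk.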
@@ -78,11 +78,14 @@ public static function sorting() {
 $value = $_GET['sort'] ?? null;
 // Preconditions
- if($value == null || !is_string($value)) return;
+ if (is_null($value) || !is_string($value)) return;
 // Sorting methods
- if(strcasecmp($value, 'asc')) return 'asc';
- if(strcasecmp($value, 'desc')) return 'desc';
+ if(strcasecmp($value, 'asc') == 0) {
+ return 'asc';
+ } else if (strcasecmp($value, 'desc') == 0) {
+ return 'desc';
+ }
 // Return default null. This allows different defaults per method.
 return NULL;
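Review bot: The new `strcasecmp(...) == 0` comparisons use loose equality, and the added `is_null($value)` guard is redundant because `!is_string($value)` already rejects null. Both branches reduce to `if (!is_string($value)) return null;` followed by `return match (strtolower($value)) { 'asc' => 'asc', 'desc' => 'desc', default => null };`, which also removes the `return;` versus `return NULL;` inconsistency. Since the Database.php hunk in this commit appears to interpolate this method's return value unescaped into an ORDER BY clause, the method deserves a docblock saying so — that the closed set of `'asc'`/`'desc'`/null is a security invariant callers depend on, not a convenience — so nobody later adds a pass-through of the raw query string. The method's closing brace is outside the hunk.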