<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> 
<head> 
  <title>Book Report</title>
  <link rel="stylesheet" type="text/css" href="../style.css" />
  <!-- Declares the page encoding as ISO-8859-1. Any server-side HTML escaping
       of values written into this page should assume the same charset, so the
       browser and the escaping routine agree on what each byte means. -->
  <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
</head> 

<body>

<?php

// function definitions first
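/**
 * Print an HTML table of every row in the `books` table (author, title,
 * year), ordered by the column named in the `sortby` query parameter.
 *
 * `sortby` defaults to "author" when it is absent or empty. Any value other
 * than "author", "title" or "year" ends the script immediately.
 *
 * Output is written directly with echo/print; nothing is returned.
 */
function doGetAll() {
    // Allow-list of sortable columns. A column name in ORDER BY cannot be
    // supplied as a bound parameter, so the value is interpolated into the
    // SQL text below; this exact-match check is the only thing that keeps
    // request data out of the statement and must stay in front of it.
    $allowedColumns = array("author", "title", "year");

    // isset() avoids an undefined-index notice when the parameter is absent.
    $sortby = isset($_GET['sortby']) ? $_GET['sortby'] : "";
    if ($sortby === "") {
        $sortby = "author";
    }

    // is_string() rejects the array form (?sortby[]=...); the strict
    // in_array() rules out loose-comparison surprises.
    if (!is_string($sortby) || !in_array($sortby, $allowedColumns, true)) {
        exit;
    }

    // NOTE(security): the database user name and password were previously
    // written into this file as literals. Anyone who can read the source
    // (repository, backup, misconfigured server) gets them, so that password
    // should be treated as exposed and changed. They are now read from the
    // environment. BOOKS_DB_USER and BOOKS_DB_PASSWORD are example names
    // chosen for this rewrite; adjust them to the deployment's own
    // configuration mechanism.
    $dbUser = getenv('BOOKS_DB_USER');
    $dbPassword = getenv('BOOKS_DB_PASSWORD');
    if ($dbUser === false || $dbPassword === false) {
        error_log("doGetAll: database credentials are not configured");
        print "<p>The book list is currently unavailable.</p>";
        return;
    }

    try {
        $conn = new PDO("mysql:host=mysql.truman.edu;dbname=agarvey", $dbUser, $dbPassword);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // $sortby is one of the three allow-listed literals at this point.
        $stmt = $conn->prepare("SELECT author, title, year FROM books ORDER BY $sortby");
        $stmt->execute();
    } catch (PDOException $e) {
        // An uncaught PDOException can print connection details to the
        // visitor when display_errors is on; log it and show a generic
        // message instead.
        error_log("doGetAll: database error: " . $e->getMessage());
        print "<p>The book list is currently unavailable.</p>";
        return;
    }

    // Matches the charset declared in the page's Content-Type meta tag.
    $charset = 'ISO-8859-1';

    echo "<p>Here are all the books sorted by " . htmlspecialchars($sortby, ENT_QUOTES, $charset) . ":</p>\n";

    // The original heredoc emitted border=\"1\" with literal backslashes
    // (heredocs do not unescape \") and left the header cells outside a row.
    echo "<table border=\"1\">\n";
    echo "<tr>";
    echo "<th><a href=\"bookTable.php?sortby=author\">Author</a></th>";
    echo "<th><a href=\"bookTable.php?sortby=title\">Title</a></th>";
    echo "<th><a href=\"bookTable.php?sortby=year\">Year</a></th>";
    echo "</tr>\n";

    // FETCH_ASSOC yields one associative array per row, keyed by column name.
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        // Values come from the database and may contain markup characters;
        // escape each one before it is written into the page. The (string)
        // cast keeps a NULL column from reaching htmlspecialchars().
        $author = htmlspecialchars((string) $row['author'], ENT_QUOTES, $charset);
        $title = htmlspecialchars((string) $row['title'], ENT_QUOTES, $charset);
        $year = htmlspecialchars((string) $row['year'], ENT_QUOTES, $charset);

        // The original ended each row with a second <tr> instead of </tr>.
        print "<tr><td>{$author}</td><td>{$title}</td><td>{$year}</td></tr>\n";
    }

    print "</table>";
}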


// Entry point for the page body: write the book table for this request.
doGetAll();