ORDER BY $order - Possible security hole?
I have code like this:
ORDER BY $order
Where '$order' is taken from the url like:
http://mywebsite.com/page.php?order=Bananas DESC
Could someone with wrong intentions add their own code at the end of the URL and thus do whatever they like?
If you don't check what's on the $order variable, then your code is definitely exposed to potential SQL injection attacks. So, you need to sanitize your input variables by making sure what you get from the GET command is actually a valid order by clause (you can use a regular expression for that).
Or you can do some kind of encoding for your application to form the order by clauses. Something like making:
http://mywebsite.com/page.php?orderField=1&orderType=DESC
And then mapping in your code 1 to Bananas for the orderField parameter, and ASC or DESC for your orderType parameter.
Probably yes. Depending on your config the attacker could insert something like this:
"Bananas; drop table students"
Subqueries instead of multiple statements might be possible too.
I'd either build the order clause myself, or compare it against a whitelist.
Example:
SELECT * FROM bugs ORDER BY $column $direction
You must define the possible options:
// Whitelists: the only column names and directions that may ever reach the SQL string
$column = array('id','name',....);
$direction = array('ASC','DESC');
then:
// The request value is used only as a lookup key into the whitelist;
// the actual column name always comes from the array, never from the request.
if (isset($_REQUEST['column']) && array_key_exists($_REQUEST['column'], $column)) {
    $column = $column[$_REQUEST['column']];
} else {
    ...defaults....
}
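The two approaches above (the orderField/orderType mapping from the first answer and the whitelist lookup from the last one) combined into one complete helper, as an added example that is not code from the question or any of the answers. The column names, the parameter names orderField and orderType, and the sample inputs are constructed for illustration. The important property is that the request value is only ever used as a key into a fixed array; identifiers and keywords in ORDER BY cannot be bound as prepared-statement parameters, which is why a whitelist is needed here even when the rest of the query uses placeholders.

```php
<?php
// Added example: build an ORDER BY clause exclusively from whitelisted values.
// Nothing taken from the request is ever interpolated into the SQL string.

// Sortable columns, keyed by the token accepted in the URL (hypothetical names).
const ORDER_COLUMNS = [
    'id'      => 'id',
    'name'    => 'name',
    'bananas' => 'bananas',
];
// Accepted sort directions.
const ORDER_DIRECTIONS = ['ASC', 'DESC'];

/**
 * Return a safe "ORDER BY <column> <direction>" fragment.
 * Unknown column tokens or directions fall back to the defaults
 * rather than being passed through to the database.
 */
function buildOrderBy(array $params, string $defaultColumn = 'id', string $defaultDir = 'ASC'): string
{
    $columnToken = isset($params['orderField']) ? strtolower((string) $params['orderField']) : '';
    // Lookup only: the value written into SQL is the whitelist entry, not the token.
    $column = ORDER_COLUMNS[$columnToken] ?? $defaultColumn;

    $dirToken = isset($params['orderType']) ? strtoupper((string) $params['orderType']) : '';
    // Strict comparison against the fixed list of keywords.
    $direction = in_array($dirToken, ORDER_DIRECTIONS, true) ? $dirToken : $defaultDir;

    return "ORDER BY `$column` $direction";
}

// Constructed sample inputs standing in for $_GET: a valid request, two
// requests carrying extra SQL, and a request with no sort parameters at all.
$samples = [
    ['orderField' => 'bananas', 'orderType' => 'desc'],
    ['orderField' => 'name; DROP TABLE students', 'orderType' => 'DESC'],
    ['orderField' => 'id', 'orderType' => 'DESC; --'],
    [],
];
foreach ($samples as $s) {
    echo buildOrderBy($s), PHP_EOL;
}
```

In a real page you would call buildOrderBy($_GET) and append the result to a query whose WHERE values are bound through PDO or mysqli prepared statements; the unrecognised tokens in the second and third samples simply collapse to the defaults, so the extra SQL never reaches the database.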