Hi Guys,

    2 Questions if that’s ok?

    I have built a customised user profile page on my WP site. The URL is

    http://www.reviewrecruiter.com.au/user-profile-page?usernumber=125

    My code is:
    <?php
    global $wpdb;
    $user_id = $usernumber; // change this if not in a std post loop
    $where = 'WHERE comment_approved = 1 AND user_id = ' . $user_id;
    $comment_count = $wpdb->get_var(
    "SELECT COUNT( * ) AS total
    FROM {$wpdb->comments}
    {$where}
    ");
    $user = get_userdata($user_id);
    $post_count = get_usernumposts($user->ID);

    ?>

    <?php
    $numposts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_author = $user_id
    "); ?>

    You'll notice I use this to get both comments and posts and then go through hell to get out the relevant info! 🙂 Anyway, what I thought should be simple has turned out to be rather complex. That is, ORDER BY.

    Basically I want to order by date newest to oldest. Can someone please tell me where this sql command needs to go?

    Question 2.

    I'm using the user_id in the href by $heading = $_GET['usernumber'];
    Then passing the usernumber to get the user info.

    The user must be logged in for this to work, but my question is, can a user inject sql into the usernumber ? Are there any vulnerabilities here?

    Any help would be very much appreciated.
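The two queries from the post above, rebuilt as an added example (not the poster's code) so that the value arriving in the query string can never become part of the SQL text: the user number is cast with absint() and bound through $wpdb->prepare() with %d, and ORDER BY sits at the end of the SELECT after the WHERE clause. It assumes, as the post says, that the number arrives as $_GET['usernumber'] and that the code runs inside a WordPress template where $wpdb is available.

```php
<?php
// Added example, not the poster's code. Assumes a WordPress template
// context ($wpdb loaded) and that the user number comes from the URL.
global $wpdb;

// absint() casts to a non-negative integer, so anything that is not a
// plain number (quotes, keywords, comment markers) collapses to 0.
$user_id = isset( $_GET['usernumber'] ) ? absint( $_GET['usernumber'] ) : 0;

// Refuse the request outright if the id is missing or not a real user.
if ( 0 === $user_id || ! get_userdata( $user_id ) ) {
    wp_die( 'Unknown user.' );
}

// $wpdb->prepare() with %d binds the value as an integer; the SQL
// string itself is fixed and never contains request data.
$comment_count = $wpdb->get_var( $wpdb->prepare(
    "SELECT COUNT(*) FROM {$wpdb->comments}
     WHERE comment_approved = 1 AND user_id = %d",
    $user_id
) );

// ORDER BY goes after WHERE; DESC gives newest first.
$numposts = $wpdb->get_results( $wpdb->prepare(
    "SELECT * FROM {$wpdb->posts}
     WHERE post_author = %d
     ORDER BY post_date DESC",
    $user_id
) );

// count_user_posts() is the current replacement for get_usernumposts().
$post_count = count_user_posts( $user_id );
?>
```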

Viewing 2 replies - 1 through 2 (of 2 total)
  Thread Starter razorharrison

    (@razorharrison)

    *bump*
    Come on guys – I know a couple of you here could answer both of these questions in two seconds.

    Thread Starter razorharrison

    (@razorharrison)

    $numposts = $wpdb->get_results("SELECT * FROM $wpdb->posts WHERE post_author = $user_id ORDER BY post_date DESC"); ?>

    Just in case anyone was wondering! 🙂

The topic 'WpQuery – ASC Order – Help PLEASE ! And SQL Injection Question' is closed to new replies.