HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


edge 29th January 2010 15:35

MySQL / Paging and search results
 
At the moment I'm adding a search option to one of my projects.
The search is working great, but sometimes giving too many results back to fit on one page.

I know how to do a paging on results from the MySQL (page 1, page 2 etc..), but how do you do this on a search result?

I see that the HowtoForge forum does this by using a "searchid=xxxxx".
What's stored in the searchid? Is this the search terms that the user used for the search?
Also.. Is the searchid stored in a MySQL or in a session?

falko 30th January 2010 16:25

I can't say for sure, but I guess it's stored in a session.

edge 30th January 2010 17:07

That's how I'm doing it at the moment.

The problem is (I think) that "hackers" can inject stuff into a session, and that way inject into the MySQL. (I might be over paranoid)

badben 23rd February 2010 02:38

I think the best way would be to store the search terms in the session.

If you validate the fields correctly each time, before you search, even if your session data is tainted there shouldn't be a problem.

Then you can treat it like any other pagination.
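
Added example, not part of the original thread: one way to do what the last reply describes, re-validating the session-stored search term on every page request before paginating. It also binds the term as a query parameter. Assumptions: Python's `sqlite3` stands in for MySQL, a plain dict stands in for the session, and the `articles` table, its rows and all function names are constructed for illustration.

```python
import re
import sqlite3

PAGE_SIZE = 2
# Allow-list for search terms: word characters, spaces and hyphens, 1 to 64 chars.
TERM_RE = re.compile(r"[\w \-]{1,64}")

def validate_term(raw):
    """Re-validate the stored term on every request; session contents are not trusted."""
    if not isinstance(raw, str) or not TERM_RE.fullmatch(raw.strip()):
        raise ValueError("invalid search term")
    return raw.strip()

def escape_like(term):
    """Escape LIKE wildcards so the term is matched literally."""
    return term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def search_page(db, session, page):
    """Return (titles, page, pages) for the search term held in the session."""
    term = validate_term(session.get("search_term"))
    pattern = "%" + escape_like(term) + "%"
    # The term is always bound as a parameter, never concatenated into the SQL.
    total = db.execute(
        "SELECT COUNT(*) FROM articles WHERE title LIKE ? ESCAPE '\\'", (pattern,)
    ).fetchone()[0]
    pages = max(1, -(-total // PAGE_SIZE))  # ceiling division
    try:
        page = int(page)                    # the page number is user input too
    except (TypeError, ValueError):
        page = 1
    page = min(max(page, 1), pages)         # clamp to the valid range
    rows = db.execute(
        "SELECT title FROM articles WHERE title LIKE ? ESCAPE '\\' "
        "ORDER BY id LIMIT ? OFFSET ?",
        (pattern, PAGE_SIZE, (page - 1) * PAGE_SIZE),
    ).fetchall()
    return [r[0] for r in rows], page, pages

def make_db():
    """Constructed sample data for the example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles (title) VALUES (?)", [
        ("mysql paging",), ("mysql search",), ("apache setup",),
        ("mysql backup",), ("50%_off",)])
    return db
```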

