View Single Post
  #3  
Old 11th December 2009, 16:17
surinwest surinwest is offline
Junior Member
 
Join Date: Dec 2009
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default code attached how to avoid query string url of php page to be spamed

I have a page, "article.php" on which I call an include file to display

query results. The include file code follows

<?php
include 'dataconnection.php';
$pagenum = $_GET['pagenum'];

//This checks to see if there is a page number. If not, it will set it to

page 1
if (!(isset($pagenum)))
{
$pagenum = 1;
}

//Here we count the number of results
//Edit $data to be your query
$data = mysql_query("Select * FROM news" );
$rows = mysql_num_rows($data);
if(!$rows){
echo mysql_error();
}

//This is the number of results displayed per page
$page_rows = 15;

//This tells us the page number of our last page
$last = ceil($rows/$page_rows);

//this makes sure the page number isn't below one, or more than

our maximum pages
if ($pagenum < 1)
{
$pagenum = 1;
}
elseif ($pagenum > $last)
{
$pagenum = $last;
}

//This sets the range to display in our query
$max = 'limit ' .($pagenum - 1) * $page_rows .',' .$page_rows;


$data_p = mysql_query("Select id,edid,title,date_format(date,

'%M %D, %Y') as date,SUBSTRING(body,1,150) AS body from

news where body like '%". $_GET["query"] . "%' order by id desc

$max") or die(mysql_error());

echo "<br>","<center>","<b>","News ","</b>","</center>","<br>";
while($info = mysql_fetch_array( $data_p ))
{
$id= $info[id];
$title= $info[title];
$title1 = str_replace (" ","-",($info[title]));
$code_entities_match = array(' ','-

-','&quot;','!','@','#','$','%','^','&','*','(',')' ,'_','+','{','}','|',':','"','<','>','?','[',']',

'\\',';',"'",',','.','/','*','+','~','`','=');
$code_entities_replace = array

('-','-','','','','','','','','','','','','','','','','', '','','','','','','','');
$title2 = str_replace($code_entities_match,

$code_entities_replace, $title);
echo "<br>", "<strong>","<a href='item/$id/

$title2'>".$title."</a>","</strong>";




Print $info[body];
echo "...";
echo "<br>";

}



// This shows the user what page they are on, and the total number

of pages
//echo "<br>"," Page $pagenum of $last <p>";
echo "<table width=200>", "<tr>","<td width=100>";echo "<br>";
// First we check if we are on page one. If we are then we don't

need a link to the previous page or the first page so we do

nothing. If we aren't then we generate links to the first page, and to

the previous page.
if ($pagenum == 1)
{
}
else
{
//echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=1'> <<-

First</a> ";
echo " ";
$previous = $pagenum-1;
echo " <a href='{$_SERVER['PHP_SELF']}?

pagenum=$previous'> <b><-Previous</b></a> ";
echo "</td>";
}

//just a spacer-now changed to td
echo "<td width=100>";
echo "<br>";
//This does the same as above, only checking if we are on the last

page, and then generating the Next and Last links
if ($pagenum == $last)
{
}
else {
$next = $pagenum+1;
echo " <a href='{$_SERVER['PHP_SELF']}?

pagenum=$next'><b> Next -></b></a> ";

//echo " <a href='{$_SERVER['PHP_SELF']}?

pagenum=$last'>Last ->></a> ";
}
echo "</td>", "</tr>", "</table>";
?>
-------------------------------------------------

It display the list of all news from the database limiting 15 to a

page. When I click on the Next page button, what I get on my url is
http://www.example.com/article.php?pagenum=2

At the url, if any changes are made like
http://www.example.com/article.php?id=2 (where id does not exist)
or
http://www.example.com/article/pagenum=2 (a slash instead of

.php?)
the site displays the results exactly like the oringinal page.

Why is this happening? I have a rewrite rule in my htaccess file

for another page for clean urls. All these files including the

htaccess files are in my root folder.

Problem2

I made another search folder with search page but the search

displays in its first page the results properly. When the Next page

link is clicked for page 2, what displays is exactly what is seen in

the http://www.example.com/article.php?pagenum=2.

Any help would greatly appreciated.
Reply With Quote