MySQL / Paging and search results

Discussion in 'Programming/Scripts' started by edge, Jan 29, 2010.

  1. edge

    edge Active Member Moderator

    At the moment I'm adding a search option to one of my projects.
    The search is working great, but sometimes giving too much results back to fit on one page.

    I know how to do a paging on results from the MySQL (page 1, page 2 etc..), but how do you do this on a search result?

    I see that the HowtoForge forum does this by using a "searchid=xxxxx".
    Whats stored in the searchid? Is this the search terms that the user used for the search?
    Also.. Is the searchid stored in a MySQL or in a session?
  2. falko

    falko Super Moderator ISPConfig Developer

    I can't say for sure, but I guess it's stored in a session.
  3. edge

    edge Active Member Moderator

    Thats how I'm doing it at the moment.

    The problem is (I think) that "hackers" can inject stuff into a session, and that way inject into the MySQL. (I might be over paranoid)
  4. badben

    badben ISPConfig Developer ISPConfig Developer

    I think the best way would be to store the search terms in the session.

    If you validate the fields correctly each time, before you search, even if your session data is tainted there shouldn't be a problem.

    Then you can treat it like any other pagination.

Share This Page