Page 1 of 1

LIMIT problem.

Posted: Mon Mar 13, 2006 2:49 pm
by mattyboi
Hey guys,

I'm new to MySQL and php. I am having problems with the LIMIT parameter of a MySQL query. The query is displayed below:

Code: Select all

$imgtype = $_GET['imgtype'];
$cnt = $_GET['cnt'];

if (!isset($cnt)) {
	$cnt = 0;
}

//select proper row in table based on cnt.
$sql = "SELECT * FROM `test` WHERE `imgtype` = '$imgtype'";
$sql .= " LIMIT $cnt, 1";
$result = mysql_query($sql);

$row = mysql_fetch_assoc($result);
$imgid = $row['ImgId'];
$imgname = $row['ImgName'];
The table is populated by Image names, types, and location. As you can see I am grabing all the records by $imgtype, then selecting one at a time based on the $cnt. Every time the page is reloaded the $cnt increments by one, so it should select the next row in the table based on the $imgtype and $cnt.

My problem is that even though I should be selecting only the records with the correct $imgtype. Its not, its selecting all the records in the table, even the ones with a different $imgtype.

Any ideas whats wrong?

Posted: Mon Mar 13, 2006 3:01 pm
by timvw
The table is populated by Image names, types, and location. As you can see I am grabing all the records by $imgtype, then selecting one at a time based on the $cnt. Every time the page is reloaded the $cnt increments by one, so it should select the next row in the table based on the $imgtype and $cnt.
Actually, the code that you have posted doesn't do what you're telling here...
My problem is that even though I should be selecting only the records with the correct $imgtype. Its not, its selecting all the records in the table, even the ones with a different $imgtype.
My advise is to echo the query before you use it... The query appears to be valid syntax and should do (more or less) what you described. The rows in a resultset aren't ordered unless you use an ORDER BY clause per definition.

I hope for you that you don't have any evil users... Or that you didn't post the code where you validate the input.

Posted: Mon Mar 13, 2006 3:01 pm
by hawleyjr
Most likely $_GET['imgtype'] is not passing anything echo out your query to see what its doing....


You REALLY need to validate $imgtype = $_GET['imgtype'] and $_GET['cnt'] before you put them in your query.

Posted: Mon Mar 13, 2006 3:06 pm
by Christopher
hawleyjr wrote:Most likely $_GET['imgtype'] is not passing anything echo out your query to see what its doing....


You REALLY need to validate $imgtype = $_GET['imgtype'] and $_GET['cnt'] before you put them in your query.
Yes, I would recommend:

Code: Select all

$imgtype = preg_replace('/[^a-zA-Z0-9]/', '', $_GET['imgtype']);
$cnt = intval($_GET['cnt']);

here is an example.

Posted: Mon Mar 13, 2006 3:07 pm
by mattyboi
To see an example go to http://www.phoenixmason.com/newsite/gal.php

Click on the first button "Flagstone Patios" or "Brick Patios"

Posted: Mon Mar 13, 2006 3:10 pm
by mattyboi
Whoops sorry, hit submit to quick.

Anyway, clicking next and previous will show you the pictures in the table based on the $imgtype. The pictures that are broken should not even be showing up, they have a different $imgtype.

You can see that in my echo of the sql query. There is 3 flagstone pictures and 6 brick pictures.

Matt

Posted: Mon Mar 13, 2006 3:15 pm
by hawleyjr
arborint wrote:Yes, I would recommend:

Code: Select all

$imgtype = preg_replace('/[^a-zA-Z0-9]/', '', $_GET['imgtype']);
$cnt = intval($_GET['cnt']);
Intval prob isn't the best way to validate this. I'd do something like this:

Code: Select all

$cnt = is_numeric( $_GET['cnt'] )?$_GET['cnt']:0;

or

$cnt = !ereg('[^0-9]', $_GET['cnt'])?$_GET['cnt']:0;

Posted: Mon Mar 13, 2006 4:02 pm
by mattyboi
figured it out, just didnt have a WHERE in another query.

Thanks anyway 8)