Pagination not completely working...

Posted: Wed Feb 28, 2007 11:52 pm
by snappydesigns
I'm progressing with my project and finally feeling like it's time to paginate. I followed a tutorial in a book I own and have almost successfully implemented the concept within my sample pages. However, a couple of problems occur. The pagination links only show up on the first page. Here's the page I'm trying this on: http://twinpapers.com/view_stacyclaireb ... flats2.php

The other problem is that I would like the pagination links to show up under the page titles but above the thumbnails with a white background.

Here's the code for my php doc (no need to heckle about the echo tags, I'm fully aware of my shortcomings :lol: ):

Code:

<?php 
// Set a var for this page name 
$this_page = basename($_SERVER['PHP_SELF']); 

// Include the header.html file - This should really be include_once 
include_once 'header.html'; 

// Include a utility file 
include_once 'connect_stacy.php'; 
    
// Check to see if the query string var id is set 
if (isset($_GET['id'])) 
{ 
    // it is, so assign the $id var the value of the query string var 'id' 
    $id = $_GET['id']; 
    
    // Make a SQL query instruction that pulls the product columns 
    // (item_id, product_name, image_name, vendor and prices) from the 
    // baby_sta_flats table where the item_id value is the same 
    // as the query string id value 
    $query = 'SELECT item_id, product_name, image_name, vendor, price1, price2, price3, price4, addlprice FROM baby_sta_flats WHERE item_id = ' . $id; 

    // Execute the query instruction, halt process on query failure 
    $result = mysql_query($query) or die('Could not execute the query: ' . mysql_error()); 
    
    // Assign a one-dimensional, associative array of the query 
    // result data to $row 
    $row = mysql_fetch_array($result); 

        // if the file_exists() function returns non-false... 
    if ($image = file_exists($row['image_name'])) 
    { 
        // Echo out the image path in a div (remembering to close the div tag)
        echo '<table border="0" width="746" bgcolor=#FFFFFF align="center" cellpadding="0" cellspacing="0">';
          echo '<tr>';
            echo '<td width="1%">&nbsp;</td>';
            echo '<td width="57%"> <div align="center"><img src="' . $row['image_name'] . '"></div></td>';
            echo '<td width="1%"><div align="center">';
            echo '<td width="40%"><div align="center">';
              echo '<table width="100%" border="0" cellpadding="0">';
                echo '<tr>';
                  echo '<td height="19"> <h1>Item #: ' . $row['product_name'] . '<br>
                  </h1></td>';
                echo '</tr>';
                echo '<tr>';
                  echo '<td><h3>by '. $row['vendor'] . '</h3></td>';
                echo '</tr>';
                echo '<tr>';
                  echo '<td>';
                  echo '<p>';
                  echo 'Send your notes with style. These simple and colorfully 
                    designed flat cards make writing fun. The inside of the 
                    card is blank. Dimensions: 4 3/4" x 6 1/4" ';
                  echo '<br>'; 
                  echo 'Choose from a variety of fonts to 
                    personalize your selection.';
                  echo '<br>';
                echo '</tr>'; 
                  echo'<td>&nbsp;</td>';
                echo '</tr>';
                echo '<tr>';
                  echo '<td>';
                  echo '<a href="http://twinpapers.com/stacyclaireboydfonts.pdf" target="_blank">View Typestyles</a>';
                  echo '<br>';
                  echo '</p></td>';
                echo '</tr>';
                echo '<tr>';
                  echo '<td>&nbsp;</td>';
                echo '</tr>';
                echo '<tr>';
                  echo '<td>';
                  echo '<table border="0" cellpadding="3" cellspacing="1" bgcolor="#AE947A">';
                  echo '<tr bgcolor="#FCF9EE">';
                    echo '<td align="left"><font color="#663300" size="1" face="Arial, Helvetica, sans-serif">Quantity</font></td>';
                    echo '<td align="center" bgcolor="#FCF9EE"><font color="#663300" size="1" face="Arial, Helvetica, sans-serif">25</font></td>';
                    echo '<td align="center" bgcolor="#FCF9EE"><font color="#663300" size="1" face="Arial, Helvetica, sans-serif">50</font></td>';
                    echo '<td align="center" bgcolor="#FCF9EE"><font color="#663300" size="1" face="Arial, Helvetica, sans-serif">75</font></td>';
                    echo '<td align="center" bgcolor="#FCF9EE"><font color="#663300" size="1" face="Arial, Helvetica, sans-serif">100</font></td>';
                    echo '<td align="center" bgcolor="#FCF9EE"><font color="#663300" size="1" face="Arial, Helvetica, sans-serif">+25</font></td>';
                 echo '</tr>';
                    echo '<tr bgcolor="#FCF9EE">';
                    echo '<td align="left"><font color="#663300" size="1" face="Arial, Helvetica, sans-serif">Flat Cards 
                        </font></td>';
                    echo '<td align="center"><font color="#663300" size="1" face="Arial, Helvetica, sans-serif">' . $row['price1'] . '</font></td>';
                    echo '<td align="center"><font color="#663300" size="1" face="Arial, Helvetica, sans-serif">' . $row['price2'] . '</font></td>';
                    echo '<td align="center"><font color="#663300" size="1" face="Arial, Helvetica, sans-serif">' . $row['price3'] . '</font></td>';
                    echo '<td align="center"><font color="#663300" size="1" face="Arial, Helvetica, sans-serif">' . $row['price4'] . '</font></td>';
                    echo '<td align="center"><font color="#663300" size="1" face="Arial, Helvetica, sans-serif">' . $row['addlprice'] . '</font></td>';
                  echo '</tr>';
                echo'</table></td>';
              echo '</tr>';
              echo '<tr>';
                echo '<td><br>';
                  echo '<a href="http://www.twinpapers.com/order_stacyclaireboyd_baby_flats.php?pid=' . $row['item_id'] . '"><img src="images/buttons/order.gif"></a> </td>';
              echo '</tr>';
            echo '</table>';
          echo '</div></td>';
        echo '<td width="1%">&nbsp;</td>';
      echo '</tr>';
    echo '</table></td>';    
      } 
    else 
    { 
        // Otherwise just say no image is available 
        echo '<div align="center">No Image Available.</div>'; 
    } 
} 
else 
{ 
    
$display = 20;

if (isset($_GET['np'])) { //Already been determined.

} else { //need to determine.
     
    //get the data 
    $query = "SELECT COUNT(*) FROM baby_sta_flats"; 
    $result = mysql_query($query) or die('Could not get the product names: ' . mysql_error());
    $row = mysql_fetch_array ($result, MYSQL_NUM);
    $num_records = $row[0]; 
    
    if ($num_records > $display) { //More than 1 page.
      $num_pages = ceil ($num_records/$display);
    } else {
      $num_pages = 1;
    }
} //End of np IF.

//Determine where in the database to start returning results.
if (isset($_GET['s'])) {
  $start = $_GET['s'];
} else {
  $start = 0;
}



 $query = "SELECT thumb_name, product_name, item_id, image_name FROM baby_sta_flats LIMIT     $start, $display"; 
    $result = mysql_query($query) or die('Could not get the product names: ' . mysql_error());   //set variables.
     
    $num_cols = 5; 
    $table_width = 735; 
    $record_number = 0; 
    $column_width = floor($table_width / $num_cols); 
        
    echo '<p>&nbsp;</p>'; 
    echo '<table border="0" width="746" bgcolor=#FFFFFF align="center">'; 
    echo '<tr><td><div align="center"><h1>BABY</h1></div></td></tr>'; 
    echo '<tr><td><div align="center"><h3>FLAT CARDS</h3></div></td></tr>'; 
    echo '<tr><td><div align="center"><h3>by Stacy Claire Boyd</h3></div></td></tr>'; 
    echo '<tr>';
    //Make the links to other pages, if necessary.
if ($num_pages > 1) {
    echo '<tr>';
    echo '<td>&nbsp;</td>';
  echo '</tr>';
    echo '<tr>';
    //Determine what page the script is on
    $current_page = ($start/$display) + 1;
  
  //If it's not the first page, make a Previous button.
    if ($current_page != 1) {
      echo '<td><div bgcolor=#FFFFFF align="center"><a href="view_stacyclaireboyd__baby_flats2.php?s='. ($start - $display) . '&      
      np=' . $num_pages . '">previous</a>';
    } 
  
  //Make all the numbered pages.
    for ($i = 1; $i <= $num_pages; $i++) {
      if ($i != $current_page) {
        echo '<a href="view_stacyclaireboyd_baby_flats2.php?s=' . (($display * ($i - 1))) 
        . '&np=' . $num_pages . '">' . $i . '</a>';
      } else {
        echo $i . ' ';
      }
    }
   
  //If it's not the last page, make a Next button.
    if ($current_page != $num_pages) {
      echo '<a href="view_stacyclaireboyd_baby_flats2.php?s=' . ($start + $display) . '&
      np='  . $num_pages . '">next</a>';
    } 
  
    echo '</div></td>';
    echo '</tr>';
}  //End of links section. 
    echo '<tr>';
    echo '<td><table border="0" width="'. $table_width . '" bgcolor=#FFFFFF align="center" cellpadding="10" cellspacing="2">';
        
    while ($row = mysql_fetch_array($result)) 
    { 
        if (fmod($record_number, $num_cols) == 0) 
        { 
            echo '<tr>'; 
        } 
        
        echo '<td align="center"><a href="' . $this_page .'?id=' . $row['item_id'] . '"> 
                <img src="' . $row['thumb_name'] . '"></a><br /> 
                <a href="' . $this_page . '?id=' . $row['item_id'] . '">' . $row['product_name'] . '</a></td>'; 
        
        $record_number++;    
        
        if (fmod($record_number, $num_cols) == 0) 
        { 
            echo '</tr>'; 
        } 
    } 
    
    echo '</table></td></tr></table>'; 
}

// Include the footer.html file, which should also be an include_once 
include_once 'footer.html'; 
?>
The code specifically for the thumbnails page (this is actually code for the thumbnails page and individual product pages) begins at the

Code:

$display = 20;
I read and re-read through the code, and I just don't see where I'm going wrong. At the very least, why aren't the pagination links showing up on the subsequent pages? So frustrating! Can anyone see where I've gone wrong or how to resolve this?

Mega thanks in advance to anyone that can help!

Jen H.

Posted: Wed Feb 28, 2007 11:56 pm
by pickle
Your check isset($_GET['np']) results in the $num_pages variable not getting set.

Posted: Thu Mar 01, 2007 12:10 am
by feyd
Also, $_GET['id'] and $_GET['s'] allow SQL injection.

I've mentioned other bits before.

Posted: Thu Mar 01, 2007 10:42 am
by snappydesigns
Thanks for the replies.

pickle-
Your check isset($_GET['np']) results in the $num_pages variable not getting set.
This was exactly the problem...I can't believe I forgot that (it must have been too late to be working on this stuff). Your expertise is so greatly appreciated :D .

feyd-
You mentioned,
Also, $_GET['id'] and $_GET['s'] allow SQL injection.
Can you elaborate because I have no idea what SQL injection is...it sounds scary though. How do I fix it? Thanks!

Posted: Thu Mar 01, 2007 2:38 pm
by pickle
SQL injection is when a text value has SQL code in it. Un-escaping that could cause weird/really bad behaviour. For example:

Code:

$field_value = $_GET['field'];

$query = "UPDATE myTable SET myField = '$field_value'";
mysql_query($query);
Could be very bad, if $_GET['field'] has the value 1';DELETE FROM myTable;'. The query would then be:

Code:

UPDATE
  myTable
SET
  myField = '1';
DELETE
FROM
  myTable;
'';
Poof! That whole table is gone. Running $_GET['field'] through mysql_real_escape_string() will fix that.
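
An added example, not part of the thread or any poster's code: one way to handle the `id` and `s` parameters from the question's script so that neither reaches the SQL text, with the page count recomputed on every request rather than read from `np`. Both values sit unquoted in the original queries, a position where quote-escaping by itself does not constrain the input, so this sketch validates them as integers and binds them with PDO. The in-memory SQLite table contents and the helper names `int_param`, `fetch_item` and `fetch_page` are assumptions made for illustration.

```php
<?php
// Added example. Table name and the id / s parameters come from the thread;
// the in-memory SQLite rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE baby_sta_flats (item_id INTEGER PRIMARY KEY, product_name TEXT)');
for ($i = 1; $i <= 45; $i++) {
    $pdo->exec("INSERT INTO baby_sta_flats (product_name) VALUES ('Card $i')");
}

// Accept only a non-negative decimal integer; anything else yields $default.
function int_param(array $src, string $key, int $default): int
{
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $v === false ? $default : $v;
}

function fetch_item(PDO $pdo, array $get): ?array
{
    $id = int_param($get, 'id', -1);
    if ($id < 0) {
        return null; // rejected before touching the database
    }
    // The value is bound as data; it never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT item_id, product_name FROM baby_sta_flats WHERE item_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

function fetch_page(PDO $pdo, array $get, int $display = 20): array
{
    // Count on every request instead of trusting np from the URL.
    $total = (int) $pdo->query('SELECT COUNT(*) FROM baby_sta_flats')->fetchColumn();
    $num_pages = max(1, (int) ceil($total / $display));
    // Snap s to a page boundary and clamp it to the last page.
    $start = intdiv(int_param($get, 's', 0), $display) * $display;
    $start = min($start, ($num_pages - 1) * $display);
    $stmt = $pdo->prepare('SELECT item_id, product_name FROM baby_sta_flats ORDER BY item_id LIMIT :n OFFSET :s');
    $stmt->bindValue(':n', $display, PDO::PARAM_INT);
    $stmt->bindValue(':s', $start, PDO::PARAM_INT);
    $stmt->execute();
    return ['start' => $start, 'num_pages' => $num_pages, 'rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

// Constructed requests: one normal, two carrying non-numeric text like the thread's payload.
var_dump(fetch_item($pdo, ['id' => '7']));
var_dump(fetch_item($pdo, ['id' => '1; DELETE FROM baby_sta_flats']));
$page = fetch_page($pdo, ['s' => '40; DELETE FROM baby_sta_flats']);
var_dump($page['start'], $page['num_pages'], count($page['rows']));
```

Against MySQL the same functions work with a MySQL PDO connection; binding the `LIMIT` values with `PDO::PARAM_INT` keeps them from being sent as quoted strings.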