Pagination Issues

D_tunisia

I've created this pagination code (see below). It works fine on its own but I pass and $id in the link which decides which category of news to display. I've got this as far as I can but at the moment when you click the 'next page' link rather than go to page 2 it goes to category 2!

If any one can help out I would be really greatful!

<?php

include ("dbConfig.php");

mysql_select_db("ittechni_main");

if (isset($_GET['pageno'])) {
   $id = $_GET['pageno'];
} else {
   $id = 1;
} // if

$query = "SELECT * FROM posts WHERE category=$id ORDER BY id DESC";
$result = mysql_query($query) or trigger_error("SQL", E_USER_ERROR);
$query_data = mysql_fetch_row($result);
$numrows = $query_data[0];

while ($myrow = mysql_fetch_row($result)) { 

printf("<font face=verdana size=2><a 

href=\"full_view.php?id=%s\">%s</a><br><font size=1>Posted by %s<br><br>\n", 

$myrow[0], $myrow[2], $myrow[1]);

}

$rows_per_page = 15;
$lastpage      = ceil($numrows/$rows_per_page);

$id = (int)$id;
if ($id < 1) {
   $id = 1;
} elseif ($id > $lastpage) {
   $id = $lastpage;
} // if

$limit = 'LIMIT ' .($id - 1) * $rows_per_page .',' .$rows_per_page;

if ($id == 1) {
   echo " FIRST PREV ";
} else {
   echo " <a href='{$_SERVER['PHP_SELF']}?$id=1'>FIRST</a> ";
   $prevpage = $id-1;
   echo " <a href='{$_SERVER['PHP_SELF']}?$id=$prevpage'>PREV</a> ";
} // if

echo " ( Page $id of $lastpage ) ";

if ($id == $lastpage) {
   echo " NEXT LAST ";
} else {
   $nextpage = $id+1;
   echo " <a href='{$_SERVER['PHP_SELF']}?pageno=$nextpage'>NEXT</a> ";
   echo " <a href='{$_SERVER['PHP_SELF']}?pageno=$lastpage'>LAST</a> ";
} // if

?>

goldbug

Well of course it does. Look what you have here:

if (isset($_GET['pageno'])) {
   $id = $_GET['pageno'];
} else {
   $id = 1;
} // if

$query = "SELECT * FROM posts WHERE category=$id ORDER BY id DESC";

You also don't seem to have any pagination in your SQL (lookup the "LIMIT" statement)

Another thing, unreleated, to keep in mind, is that your database is quite vulnerable because you don't properly cleanse the get variable.
following the link
"test.php?pageno=1%3B+DELETE+FROM+posts%3B+SELECT+%2A+FROM+posts" (assuming in this case, the file is named test.php)
... would cause some data loss.