Showing multiple pages of data.

AndrewWest

Here's the two questions I have to ask.

1) How can I limit my thread viewing to x posts per page.

2) Should I use use something in my _GET to prevent SQL injection?

<?php
/////////////////////////////////////////////////////////////////////////////////////
//// Get this thread ////////////////////////////////////////////////////////////////
$t = $_GET['t'];

/////////////////////////////////////////////////////////////////////////////////////
//// Get the posts in the thread ////////////////////////////////////////////////////
$post = mysql_query("SELECT * FROM posts WHERE topic=$t ORDER BY id ASC");

/////////////////////////////////////////////////////////////////////////////////////
//// If there is query dont work do not show ////////////////////////////////////////
if (!$post) {
   die('Invalid query: ' . mysql_error());
}


/////////////////////////////////////////////////////////////////////////////////////
//// Update the views when seen /////////////////////////////////////////////////////
mysql_query("UPDATE topics SET views=views+1 WHERE id=$t");


/////////////////////////////////////////////////////////////////////////////////////
//// Post list top //////////////////////////////////////////////////////////////////
include("././templates/post_list_top.php");

/////////////////////////////////////////////////////////////////////////////////////
//// Show the posts /////////////////////////////////////////////////////////////////
while ($row = mysql_fetch_array($post)) {
$i = mysql_query("SELECT * FROM members WHERE name='" .$row['author']. "'");
$info = mysql_fetch_array($i);
$t = mysql_query("SELECT * FROM topics WHERE id='" .$t. "'");
$topic = mysql_fetch_array($t);
$row['author'] = "<a href='./index.php?page=profile&m=" .$row['author']. "'>$row[author]</a>";

   include("././templates/post_list.php");
}

/////////////////////////////////////////////////////////////////////////////////////
//// Bottom of the  page ////////////////////////////////////////////////////////////
include("././templates/post_list_bottom.php");
?>

PallaviDalvi

instead of using a while condition that prints all the posts...if u used a condition that printed, say x, records ...that wud display x posts per page. on how to do this...follow the threads on pagination... coz thats whats u wud have to do.
PS. didnt get the second que...was it in relation to que 1??

tude-marie

If you add the following to the end of your SQL statements you will limit the number of rows the query returns.

LIMIT x, y

"x" being the starting point and "y" being the number of posts you want to return.

You can use mysql_escape_string($_GET['blabla']) to remove any speciel chars that might try to change your SQL.

AndrewWest

Tude-Marie

Thanks! Now, how would I should multiple pages? I have it limited to 25 posts per page, now say there was 26 posts... there should be a page 2 correcT? What would be the best way to access this?

Thanks Again.
AndrewWest

AndrewWest

No one? Thanks for anyone who does help/