jarv (Author) Posted October 24, 2010

Please can someone help me here? I am getting Undefined Index but my page still works?! Here is the line it is erroring on:

    // "Undefined index: page" is raised on the next line whenever the URL has no ?page=
    $page = mysql_escape_string($_GET['page']);
    if($page){
        $start = ($page - 1) * $limit;
    }else{
        $start = 0;
    }
revraz Posted October 24, 2010

And what is the URL that calls that script? What gets passed in &page=?
monkeytooth Posted October 24, 2010

mysql_escape_string can't be used outside of a MySQL query string, as it's a function specific to MySQL and not PHP, as most mysql_<whatever> functions are. If you're worried about someone injecting something via the $_GET variable you will need to filter it through other means. Here's a quick, dirty function I made some time back that usually does the job for me, though I'm sure there are either ways to improve this function, or just a better way all around to handle this.

    function cleaner4inputs($theInput){
        $theOutput = stripslashes($theInput);
        $theOutput = htmlspecialchars($theOutput, ENT_QUOTES);
        // note: this operates on $theInput, so the two steps above are discarded
        $theOutput = str_replace("'", "\\'", $theInput);
        //$theOutput = htmlentities($theOutput);
        return $theOutput;
    }
jarv (Author) Posted October 24, 2010

thanks, so what do I do?
Pikachu2000 Posted October 24, 2010

> monkeytooth wrote: mysql_escape_string can't be used outside of a MySQL query string, as it's a function specific to MySQL and not PHP, as most mysql_<whatever> functions are. If you're worried about someone injecting something via the $_GET variable you will need to filter it through other means. Here's a quick, dirty function I made some time back that usually does the job for me, though I'm sure there are either ways to improve this function, or just a better way all around to handle this.
>
>     function cleaner4inputs($theInput){
>         $theOutput = stripslashes($theInput);
>         $theOutput = htmlspecialchars($theOutput, ENT_QUOTES);
>         // note: this operates on $theInput, so the two steps above are discarded
>         $theOutput = str_replace("'", "\\'", $theInput);
>         //$theOutput = htmlentities($theOutput);
>         return $theOutput;
>     }

That is not correct. As long as a connection to the database has been made, mysql_real_escape_string() is fine to use. It does not have to be used only within the query string.

As for your function, stripslashes is unnecessary unless magic_quotes_gpc = On, htmlspecialchars() is unnecessary to insert data into a database, and the str_replace() you've set up doesn't escape control characters.

In the case of the OP, since it appears that the incoming GET var is expected to be numeric, it would be appropriate to validate it as such, and cast it as an integer.

    // isset() first, so a missing 'page' raises no notice; ctype_digit() rejects anything non-numeric
    if( isset($_GET['page']) && ctype_digit($_GET['page']) ) {
        $page = (int) $_GET['page'];
        $start = ($page - 1) * $limit;
    }else{
        $start = 0;
    }
jarv (Author) Posted October 24, 2010

thanks for trying to help, it still errors!
Pikachu2000 Posted October 24, 2010

What is the exact error, and is that all of the PHP code in that file?
jarv (Author) Posted October 24, 2010

here is my page code

    <?php
    include_once("config.php");
    include_once("functions.php");
    // Check user logged in already:
    checkLoggedIn("yes");
    ?>
    <!doctype html>
    <html>
    <head>
    <title>Retro and Vintage</title>
    <meta name="description" content="xxx" />
    <meta name="keywords" content="xxx" />
    <meta name="Content-Language" content="en-gb" />
    <meta name="robots" content="FOLLOW,INDEX" />
    <meta name="revisit-after" content="2 days" />
    <meta name="copyright" content="jbiddulph.com" />
    <meta name="author" content="John Biddulph - Professional web site design and development in the south of england mainly worthing and brighton" />
    <meta name="distribution" content="Global" />
    <meta name="resource-type" content="document" />
    <link rel="stylesheet" type="text/css" href="css/reset.css" />
    <link rel="stylesheet" type="text/css" href="css/style.css" title="default" />
    <link rel="alternate stylesheet" type="text/css" href="css/style1.css" title="1" />
    <link rel="alternate stylesheet" type="text/css" href="css/style2.css" title="2" />
    <script type="text/javascript" src="js/stylechanger.js"></script>
    <script type="text/javascript" src="js/jquery-1.2.1.pack.js"></script>
    <script type="text/javascript">
    function lookup(inputString) {
        if(inputString.length == 0) {
            // Hide the suggestion box.
            $('#suggestions').hide();
        } else {
            $.post("rpc.php", {queryString: ""+inputString+""}, function(data){
                if(data.length >0) {
                    $('#suggestions').show();
                    $('#autoSuggestionsList').html(data);
                }
            });
        }
    } // lookup

    function fill(thisValue) {
        $('#inputString').val(thisValue);
        setTimeout("$('#suggestions').hide();", 200);
    }
    </script>
    </head>
    <body>
    <?php if($messages) { displayErrors($messages); }?>
    <header>
    <div id="title">
    <h1>My Pub Space
    <a href="#" onClick="setActiveStyleSheet('default'); return false;"><img src="images/0.gif" width="15" height="15" border="0" alt="css style" /></a>
    <a href="#" onClick="setActiveStyleSheet('1'); return false;"><img src="images/1.gif" width="15" height="15" border="0" alt="css style" /></a>
    <a href="#" onClick="setActiveStyleSheet('2'); return false;"><img src="images/2.gif" width="15" height="15" border="0" alt="css style" /></a>
    <span>
    <form method="post" class="textbox" action="search1.php">
    City/Town: <input type="text" size="26" class="searchbox" value="" id="inputString" onKeyUp="lookup(this.value);" onBlur="fill();" />
    <div class="suggestionsBox" id="suggestions" style="display: none;">
    <img src="images/upArrow.png" style="position: relative; top: -36px; left: 105px; z-index:1;" alt="upArrow" />
    <div class="suggestionList" id="autoSuggestionsList">
    </div>
    </div>
    <input type="image" src="images/go.png" height="30" width="30" value="GO" />
    </form>
    </span>
    </h1>
    </div>
    </header>
    <nav>
    <ul>
    <li class="selected"><a href="#">Home</a></li>
    <li><a href="#">Pubs</a></li>
    <li><a href="#">Members</a></li>
    <li><a href="#">Events</a></li>
    <li><a href="#">Register</a></li>
    </ul>
    </nav>
    <section id="intro">
    <header>
    <h2>Your social guide to going down the pub, online!</h2>
    </header>
    <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut.</p>
    <img src="images/pub.jpg" alt="pub" />
    </section>
    <div id="content">
    <div id="mainContent">
    <section>
    <article class="blogPost">
    <header>
    <h2>This is the title of a blog post</h2>
    <p>Posted on <time datetime="2009-06-29T23:31+01:00">June 29th 2009</time> by <a href="#">Mads Kjaer</a> - <a href="#comments">3 comments</a></p>
    </header>
    <?php
    $tableName="pubs";
    $targetpage = "default.php";
    $limit = 20;
    $query = "SELECT COUNT(*) as num FROM $tableName";
    $total_pages = mysql_fetch_array(mysql_query($query));
    $total_pages = $total_pages['num'];
    $stages = 3;
    // NB: this line runs before the isset() check below, so when no 'page' is in the
    // request it still raises "Undefined index: page".
    $page = mysql_escape_string($_REQUEST['page']);
    if( isset($_REQUEST['page']) && ctype_digit($_REQUEST['page']) ) {
        $page = (int) $_GET['page'];   // checks $_REQUEST but reads $_GET
        $start = ($page - 1) * $limit;
    }else{
        $start = 0;                    // $page keeps the escaped value ('' when absent)
    }
    // Get page data
    $query1 = "SELECT * FROM $tableName LIMIT $start, $limit";
    $result = mysql_query($query1);
    // Initial page num setup
    if ($page == 0){$page = 1;}
    $prev = $page - 1;
    $next = $page + 1;
    $lastpage = ceil($total_pages/$limit);
    $LastPagem1 = $lastpage - 1;
    $paginate = '';
    if($lastpage > 1)
    {
        $paginate .= "<div class='paginate'>";
        // Previous
        if ($page > 1){
            $paginate.= "<a href='$targetpage?page=$prev'>previous</a>";
        }else{
            $paginate.= "<span class='disabled'>previous</span>";
        }
        // Pages
        if ($lastpage < 7 + ($stages * 2)) // Not enough pages to break it up
        {
            for ($counter = 1; $counter <= $lastpage; $counter++)
            {
                if ($counter == $page){
                    $paginate.= "<span class='current'>$counter</span>";
                }else{
                    $paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";
                }
            }
        }
        elseif($lastpage > 5 + ($stages * 2)) // Enough pages to hide a few?
        {
            // Beginning only hide later pages
            if($page < 1 + ($stages * 2))
            {
                for ($counter = 1; $counter < 4 + ($stages * 2); $counter++)
                {
                    if ($counter == $page){
                        $paginate.= "<span class='current'>$counter</span>";
                    }else{
                        $paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";
                    }
                }
                $paginate.= "...";
                $paginate.= "<a href='$targetpage?page=$LastPagem1'>$LastPagem1</a>";
                $paginate.= "<a href='$targetpage?page=$lastpage'>$lastpage</a>";
            }
            // Middle hide some front and some back
            elseif($lastpage - ($stages * 2) > $page && $page > ($stages * 2))
            {
                $paginate.= "<a href='$targetpage?page=1'>1</a>";
                $paginate.= "<a href='$targetpage?page=2'>2</a>";
                $paginate.= "...";
                for ($counter = $page - $stages; $counter <= $page + $stages; $counter++)
                {
                    if ($counter == $page){
                        $paginate.= "<span class='current'>$counter</span>";
                    }else{
                        $paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";
                    }
                }
                $paginate.= "...";
                $paginate.= "<a href='$targetpage?page=$LastPagem1'>$LastPagem1</a>";
                $paginate.= "<a href='$targetpage?page=$lastpage'>$lastpage</a>";
            }
            // End only hide early pages
            else
            {
                $paginate.= "<a href='$targetpage?page=1'>1</a>";
                $paginate.= "<a href='$targetpage?page=2'>2</a>";
                $paginate.= "...";
                for ($counter = $lastpage - (2 + ($stages * 2)); $counter <= $lastpage; $counter++)
                {
                    if ($counter == $page){
                        $paginate.= "<span class='current'>$counter</span>";
                    }else{
                        $paginate.= "<a href='$targetpage?page=$counter'>$counter</a>";
                    }
                }
            }
        }
        // Next
        if ($page < $counter - 1){
            $paginate.= "<a href='$targetpage?page=$next'>next</a>";
        }else{
            $paginate.= "<span class='disabled'>next</span>";
        }
        $paginate.= "</div>";
    }
    echo $total_pages.' Results';
    // pagination
    echo $paginate;
    ?>
    <ul>
    <?php
    while($row = mysql_fetch_array($result)) {
        echo '<li>'.$row['rsPubName'].', '.$row['rsTown'].', '.$row['rsCounty'].'</li>';
        if ($_SESSION["rsUser"] == "admin") {
            echo "<a href=\"edit.php?PUBID=".$row['PubID']."\" class=\"small\">edit this pub</a>";
        }
    }
    ?>
    </ul>
    </article>
    </section>
    <section id="comments">
    <h3>Comments</h3>
    <article>
    <header>
    <a href="#">George Washington</a> on <time datetime="2009-06-29T23:35:20+01:00">June 29th 2009 at 23:35</time>
    </header>
    <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut.</p>
    </article>
    <article>
    <header>
    <a href="#">Benjamin Franklin</a> on <time datetime="2009-06-29T23:40:09+01:00">June 29th 2009 at 23:40</time>
    </header>
    <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut.</p>
    </article>
    <article>
    <header>
    <a href="#">Barack Obama</a> on <time datetime="2009-06-29T23:59:00+01:00">June 29th 2009 at 23:59</time>
    </header>
    <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut.</p>
    </article>
    </section>
    <form action="#" method="post">
    <h3>Post a comment</h3>
    <p>
    <label for="name">Name</label>
    <input name="name" id="name" type="text" required />
    </p>
    <p>
    <label for="email">E-mail</label>
    <input name="email" id="email" type="email" required />
    </p>
    <p>
    <label for="website">Website</label>
    <input name="website" id="website" type="url" />
    </p>
    <p>
    <label for="comment">Comment</label>
    <textarea name="comment" id="comment" required></textarea>
    </p>
    <p>
    <input type="submit" value="Post comment" />
    </p>
    </form>
    </div>
    <aside>
    <section>
    <header>
    <h3>Members Login Area</h3>
    </header>
    <h4>Welcome <?php print($_SESSION["rsUser"]); ?></h4>
    <a href="logout.php">Logout</a>
    </section>
    <section>
    <header>
    <h3>Archives</h3>
    </header>
    <ul>
    <li><a href="#">December 2008</a></li>
    <li><a href="#">January 2009</a></li>
    <li><a href="#">February 2009</a></li>
    <li><a href="#">March 2009</a></li>
    <li><a href="#">April 2009</a></li>
    <li><a href="#">May 2009</a></li>
    <li><a href="#">June 2009</a></li>
    </ul>
    </section>
    </aside>
    </div>
    <footer>
    <div>
    <section id="about">
    <header>
    <h3>About</h3>
    </header>
    <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco <a href="#">laboris nisi ut aliquip</a> ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
    </section>
    <section id="blogroll">
    <header>
    <h3>Blogroll</h3>
    </header>
    <ul>
    <li><a href="#">NETTUTS+</a></li>
    <li><a href="#">FreelanceSwitch</a></li>
    <li><a href="#">In The Woods</a></li>
    <li><a href="#">Netsetter</a></li>
    <li><a href="#">PSDTUTS+</a></li>
    </ul>
    </section>
    <section id="popular">
    <header>
    <h3>Popular</h3>
    </header>
    <ul>
    <li><a href="#">This is the title of a blog post</a></li>
    <li><a href="#">Lorem ipsum dolor sit amet</a></li>
    <li><a href="#">Consectetur adipisicing elit, sed do eiusmod</a></li>
    <li><a href="#">Duis aute irure dolor</a></li>
    <li><a href="#">Excepteur sint occaecat cupidatat</a></li>
    <li><a href="#">Reprehenderit in voluptate velit</a></li>
    <li><a href="#">Officia deserunt mollit anim id est laborum</a></li>
    <li><a href="#">Lorem ipsum dolor sit amet</a></li>
    </ul>
    </section>
    </div>
    </footer>
    </body>
    </html>
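A hardened version of the page-number handling, as an added example written for this thread rather than taken from it: it applies Pikachu2000's advice above (isset() before use, numeric validation, integer cast) to the pagination block in the page just posted, and goes a step further by clamping to the last page and binding LIMIT/OFFSET through PDO instead of building the query string with the mysql_* functions. pageParams, fetchPage and the sample requests are assumptions, not anything from the thread.

```php
<?php
// Added example, not the thread's code. Helper names (pageParams, fetchPage)
// and the sample requests below are assumptions for illustration.

/**
 * Turn the request's 'page' value into a safe page number and SQL offset.
 * absent / non-numeric / 0 / negative / array -> page 1, offset 0 (no notice, nothing to escape)
 * beyond the last page                        -> clamped to the last page
 */
function pageParams(array $request, int $totalRows, int $limit = 20): array
{
    $lastpage = max(1, (int) ceil($totalRows / $limit));
    // isset() before any use of the key, so a missing 'page' never raises "Undefined index".
    $raw  = isset($request['page']) ? $request['page'] : null;
    // FILTER_VALIDATE_INT returns false for "7abc", "", null, an array (?page[]=1) and values below min_range.
    $page = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($page === false) {
        $page = 1;
    }
    $page = min($page, $lastpage);
    return ['page' => $page, 'start' => ($page - 1) * $limit, 'lastpage' => $lastpage];
}

/**
 * Fetch one page of pubs. LIMIT/OFFSET are bound as integers, so no request
 * value is ever interpolated into the SQL text (the thread's "LIMIT $start, $limit"
 * is what the input validation was protecting). Binding real PHP ints as
 * PDO::PARAM_INT keeps this working under emulated prepares, which would quote a string.
 */
function fetchPage(PDO $db, int $start, int $limit): array
{
    $stmt = $db->prepare("SELECT rsPubName, rsTown, rsCounty FROM pubs LIMIT :lim OFFSET :off");
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->bindValue(':off', $start, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests; no database is needed to watch the validation behave.
$total = 250; // pretend COUNT(*) returned 250 pubs: 13 pages of 20
foreach ([[], ['page' => '7'], ['page' => '0'], ['page' => '7abc'], ['page' => '999']] as $req) {
    $p = pageParams($req, $total);
    printf("%-8s page=%2d start=%3d of %d pages\n", var_export($req['page'] ?? null, true), $p['page'], $p['start'], $p['lastpage']);
}
```

fetchPage() is only reachable with a live PDO connection (config.php in the thread would supply it); the loop at the bottom exercises pageParams() on its own.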
revraz Posted October 25, 2010

And again, what URL are you passing to that page?
jarv (Author) Posted October 25, 2010

sorry it's: /main.php?page=7