
Number of Products per Page



You might want to proofread the variable names involved.

 

And while I am sure I have already suggested this, here it is again, because you have the same problem with your variable names in this thread that you had the last time I suggested this: are you developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON, so that PHP will help you by reporting and displaying all the errors it detects? You will save a TON of time. You would have gotten an undefined variable error that would have called your attention to the problem.

Also, in the code you posted, then deleted, you are using mysql_real_escape_string for a numerical value being put into the LIMIT clause of a query. Attempting to escape the number won't stop any sql injection and your script is open to attack.

Also, in the code you posted, then deleted, you are using mysql_real_escape_string for a numerical value being put into the LIMIT clause of a query. Attempting to escape the number won't stop any sql injection and your script is open to attack.

 

Okay, so how do I prevent it, because I don't know of any other way?

Well I just added is_numeric(); to all calls to an ID in the database and all the places where I get a LIMIT setting from an external source. Is that what you were referring to?

 

if(isset($_GET['num_products']) && is_numeric($_GET['num_products'])){
    $num_products_per_page=$_GET['num_products'];
    $num_products_per_page = stripslashes($num_products_per_page);
    $num_products_per_page = mysql_real_escape_string($num_products_per_page);
}
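An added example, not part of the original thread: one way to handle a page size that ends up in a LIMIT clause is to accept only a whole number inside a fixed range and bind it as an integer, instead of escaping it as if it were a quoted string. The helper name page_size, the 1 to 100 range, the default of 20, and the in-memory SQLite products table are assumptions made so the example runs offline.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns a page size that is safe to use in LIMIT.
// Anything that is not a plain integer between 1 and $max falls back to $default.
function page_size($raw, int $default = 20, int $max = 100): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $n === false ? $default : $n;
}

// Constructed sample inputs: is_numeric() accepts several values that are
// not usable as a LIMIT count; the strict integer check rejects them.
$samples = ['25', '1e3', '-5', '0.5', '', null, '9999'];
foreach ($samples as $raw) {
    printf("%-8s is_numeric=%-5s page_size=%d\n",
        var_export($raw, true),
        var_export(is_numeric($raw), true),
        page_size($raw));
}

// Constructed demo data in an in-memory SQLite database (assumption:
// the pdo_sqlite extension is available).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $pdo->prepare('INSERT INTO products (name) VALUES (:name)');
for ($i = 1; $i <= 30; $i++) {
    $insert->execute([':name' => "item $i"]);
}

// The LIMIT value is bound with PDO::PARAM_INT, so it reaches the database
// as a number and never as text spliced into the SQL string.
$limit = page_size($_GET['num_products'] ?? null);
$stmt = $pdo->prepare('SELECT id, name FROM products ORDER BY id LIMIT :n');
$stmt->bindValue(':n', $limit, PDO::PARAM_INT);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

printf("requested limit=%d, rows returned=%d\n", $limit, count($rows));
```

The same validation applies to numeric IDs taken from the request; only the range bounds change.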

Archived

This topic is now archived and is closed to further replies.
