totalphpnoob517 Posted September 26, 2012 (edited)

Hello all, I am working on paginating my "open cases" report... I used the pagination script here http://blog.drale.com/tableview/ and all is well, I can show all open cases and they are paginated and it works... but now the users want to see, instead of just the retailer number, the retailer name/address/city/phone/zip as well, which are in the retailer master table. I have a non-paginated report that works fine, so I copied and pasted that query into the query used in this tutorial/script and it is throwing a few errors:

    Notice: Undefined variable: query_string in C:\xampp\htdocs\paginate\Pagination.php on line 78
    Notice: Undefined variable: query_string in C:\xampp\htdocs\paginate\Pagination.php on line 66
    Deprecated: Function eregi_replace() is deprecated in C:\xampp\htdocs\paginate\Pagination.php on line 86

These errors seem trivial because when I replace it with the simple Select * From open_cases I still get the errors but the results are proper... however with the RIGHT JOIN query

    $sql = "SELECT * FROM `retailer_master RIGHT JOIN open_cases ON retailer_master.Retailer_Number = open_cases.Retailer_Number` ORDER BY $orderby $sort LIMIT $startrow,$limit"

I get:

    Incorrect table name 'retailer_master RIGHT JOIN open_cases ON retailer_master.Retailer_Number = open_cases.Retailer_Numbe'

as well. I was wondering if there is an obvious mistake I am overlooking or if I am not even close and there is a bigger problem. As my username indicates... I am a total noob (to PHP). Also, I can post my code if needed, but all I really changed was my query and the db connection variables. I appreciate any help a lot because I was all set to deploy this and then it hit me... what about the retailer info... I need a JOIN in the paginated report!!

Edited September 26, 2012 by totalphpnoob517

Jessica Posted September 26, 2012

Post your code. Lines 64-88 or so.

totalphpnoob517 (Author) Posted September 26, 2012

    //added by drale.com - 1-19-2010
    function showNext($totalrows,$page,$limit,$text="next »"){
        $next_link = null;
        $numofpages = $totalrows / $limit;
        if($page < $numofpages){
            $page++;
            $next_link = '<div class="page-link"><a href="?page='.$page.'&'.$query_string.'">'.$text.'</a></div>';
        }
        return $next_link;
    }

    function showPrev($totalrows,$page,$limit,$text="« prev"){
        $next_link = null;
        $numofpages = $totalrows / $limit;
        if($page > 1){
            $page--;
            $prev_link = '<div class="page-link"><a href="?page='.$page.'&'.$query_string.'">'.$text.'</a></div>';
        }
        return $prev_link;
    }

    function queryString(){
        //matches up to 10 digits in page number
        $query_string = eregi_replace("page=[0-9]{0,10}&","",$_SERVER['QUERY_STRING']);
        return $query_string;
    }

This is lines 59-88... The real trouble I'm having isn't these undefined index errors, however. I turned off error reporting and changed the query to simply SELECT * FROM open_cases, and although the errors still exist the results were correct, and properly paginated/formatted, and I was in heaven. I need the columns in the retailer_master table though, and when I put the right join query in I get no results and an error... The right join query is updated in the OP; I originally left it blank because it didn't paste...

PFMaBiSmAd Posted September 26, 2012

The script you found doesn't appear like it can work. It looks like someone took some functions and threw them into a class definition and then didn't completely test it. The two undefined notice messages are because that variable doesn't exist inside of the two functions it is used in.

ALSO, that script is insecure. The $orderby and $sort variables are from external data, but they are being put into the query having only been passed through mysql_real_escape_string function. Since they are not STRING DATA, enclosed by single quotes in the query, they are not inside of anything they need to be prevented from escaping from. It's possible to inject sql that uses NO quotes that could care less if you passed it through mysql_real_escape_string and if put into a query at a point that is not inside of quotes, will inject sql into your query and run it on your server.

For something like the $orderby and $sort variables in that code, you must validate that they only contain exactly the expected values or you must use prepared queries in order to prevent sql injection.

Read through and/or start with the following post for a general pagination script - http://forums.phpfreaks.com/topic/268497-pagination/page__hl__+http_build_query#entry1378864
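
Added example (not part of the thread and not the drale.com script): one way to validate $orderby and $sort against exactly the expected values, as the reply above requires, while building the joined query. Backticks go around individual identifiers only, because MySQL reads everything between one pair of backticks as a single name, which is what the "Incorrect table name" error reports. Column names other than Retailer_Number, the short request keys and the function name are assumptions.

```php
<?php
// Added example. Only Retailer_Number comes from the thread; the other
// column names and the short request keys are hypothetical.
const SORTABLE_COLUMNS = [
    'retailer' => '`open_cases`.`Retailer_Number`',
    'name'     => '`retailer_master`.`Retailer_Name`', // hypothetical column
    'opened'   => '`open_cases`.`Date_Opened`',        // hypothetical column
];

function buildOpenCasesQuery(array $input, int $limit = 25): string
{
    // Only a string that is a key of the allowlist selects a column;
    // arrays, unknown names and SQL fragments fall back to the default.
    $key     = $input['orderby'] ?? 'retailer';
    $orderby = is_string($key) && array_key_exists($key, SORTABLE_COLUMNS)
        ? SORTABLE_COLUMNS[$key]
        : SORTABLE_COLUMNS['retailer'];

    // Direction is one of exactly two keywords, never the raw request value.
    $dir  = $input['sort'] ?? 'ASC';
    $sort = is_string($dir) && strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';

    // Page number becomes an integer >= 1 before it is used in arithmetic.
    $page     = $input['page'] ?? 1;
    $page     = is_scalar($page) ? max(1, (int) $page) : 1;
    $startrow = ($page - 1) * $limit;

    // Each table and column is quoted on its own, not the whole JOIN clause.
    return 'SELECT * FROM `retailer_master` '
         . 'RIGHT JOIN `open_cases` '
         . 'ON `retailer_master`.`Retailer_Number` = `open_cases`.`Retailer_Number` '
         . "ORDER BY $orderby $sort LIMIT $startrow, $limit";
}

// Constructed request values. The second contains no quotes, so
// mysql_real_escape_string() would return it unchanged; the allowlist
// discards it and the default column and direction are used instead.
$samples = [
    ['orderby' => 'name', 'sort' => 'desc', 'page' => '3'],
    ['orderby' => 'Retailer_Number, (SELECT 1)', 'sort' => 'ASC--', 'page' => '-5'],
];
foreach ($samples as $sample) {
    echo buildOpenCasesQuery($sample), PHP_EOL;
}
```

Nothing from the request reaches the SQL text except a key lookup and an integer, so the query needs no escaping function at all.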