Trying Real Hard To Make A Blog On My Own..


TobiasNielsen


My problems are probably very simple.. :/

 

Some of my code..

 

 

if(isset($_GET['next'])){
    $ID = $_GET['ID'];
    $ID=$ID+1;
} elseif(isset($_GET['prev'])){
    $ID = $_GET['ID'];
    $ID=$ID-1;
}else{
    $ID = 1; // -------------- Problem 1 -------------------
}
mysql_connect("$host", "$username", "$password")or die("cannot connect server ");
mysql_select_db("$db_name")or die("cannot select DB");
$sql="SELECT * FROM $tbl_name WHERE ID = $ID";
$result=mysql_query($sql);
while($rows=mysql_fetch_array($result)){
?>

 

problem 1

shows the first post I wrote.. I need it to show the most recent?

 

Http://adress.com/?page=Blog2&ID=1&next=1

Problem 2

The addresses for the different posts show like this.. how do I link to a specific post? e.g. Http://adress.com/?page=Blog2&ID=2 does not work?

The &ID=1&next=1 works fine for me, but then again, when I am on post 1 there is still a link for the post before :/ that does not exist, and the latest post still has a next post link.

 

please help :)

Many thanks, the self-taught PHP dummy :) Tobias Nielsen

 

The whole page looks like this, if I didn't give you all you needed in the top part.... SORRY, I am from Denmark, so my English sucks and my blog is in Danish >_<

 

 

<BODY>
<?php
$host="HOST";
$username="username";
$password="password";
$db_name="dbname";
$tbl_name="blog";

if(isset($_GET['next'])){
    $ID = $_GET['ID'];
    $ID=$ID+1;
} elseif(isset($_GET['prev'])){
    $ID = $_GET['ID'];
    $ID=$ID-1;
}else{
    $ID = 1; // -------- Problem 1 -----------
}

mysql_connect("$host", "$username", "$password")or die("cannot connect server ");
mysql_select_db("$db_name")or die("cannot select DB");
$sql="SELECT * FROM $tbl_name WHERE ID = $ID";
$result=mysql_query($sql);
while($rows=mysql_fetch_array($result)){
?>

<br><center>
<table width="500" border="0" cellspacing="0" cellpadding="0">
<tr>
<th scope="col"><table width="500" border="0" cellspacing="0" cellpadding="0">
  <tr>
  <th width="100" height="99" rowspan="2" background="Resources/Img/Layout/Kalender/2012.png" scope="col"><table width="100" border="0" cellspacing="0" cellpadding="0">
    <tr>
      <th height="46" valign="bottom" scope="col" id="db-dato-text"><?php echo $rows['dato']; ?></th>
    </tr>
    <tr>
      <th class="style3" scope="row"> </th>
    </tr>
  </table></th>
  <th height="41" align="left" valign="bottom" scope="col" id="db-title-text"> <p><?php echo $rows['title']; ?><br />
  </p></th>
  </tr>
  <tr>
  <th align="left" valign="top" scope="col" id="db-info-text"><p>    Indlæg nr : <?php echo $rows['id']; ?><br>    Sted : <?php echo $rows['sted']; ?><br>    Klokken : <?php echo $rows['klokken']; ?><br />
  </p></th>
  </tr>
</table>
  <table width="500" border="0" cellspacing="0" cellpadding="0">
  <tr>
  <th width="153" scope="col" id="blog-indlæg-text"><div align="left"><br><?php echo $rows['indlæg']; ?><br /><br><br>
    <br />
  </div></th>
  </tr>
</table></th>
</tr>
</table><br><br>
<table width="500">
<tr>
<td width="100" id="tidligere-post"><?php echo '<a href="?page=Blog2&ID='.$ID.'&prev=1"><b>Forrige indlæg</b></a>'; ?></td> <!-- problem 2 -->
<td width="300" > </td>
<td width="100" id="nyere-post"><?php echo '<a href="?page=Blog2&ID='.$ID.'&next=1"><b>Nyere indlæg</b></a>'; ?></td> <!-- problem 2 part 2 -->
</tr>
</table>
<br></center>
<?php
}
mysql_close();
?></BODY>


1. use mysqli instead of mysql

http://php.net/manual/en/function.mysql-connect.php (look at the big red box)

 

2. separate php and html don't mix it.

 

3. always properly escape your sql arguments

 

Getting the previous and next is not as simple as +1 and -1, because you may want to hide/delete a row in the future and +-1 won't allow you to; instead use a query:

 

<?php
// The format string is a nowdoc (single-quoted) string: inside double quotes PHP
// would interpolate the $s and $d of %1$s / %2$d as variables.
$sql = <<<'SQL'
 SELECT *,
   (SELECT max(id) FROM `%1$s` WHERE id < %2$d AND status = 'published') AS prev_id,
   (SELECT min(id) FROM `%1$s` WHERE id > %2$d AND status = 'published') AS next_id
 FROM `%1$s`
 WHERE id = %2$d AND status = 'published'
SQL;

$table_name = 'blog'; // your blog table, from your config (never from user input)

$dbname = mysqli_connect('host', 'user', 'pass', 'dbname');
if (mysqli_connect_error()) {
 // todo add proper error handling here
 echo mysqli_connect_error();
 exit;
}

$stmt = sprintf(
 $sql,
 mysqli_real_escape_string($dbname, $table_name),
 mysqli_real_escape_string($dbname, $_GET['id'])
);

$res = mysqli_query($dbname, $stmt);
if ($res === false) {
 // query failed
 // todo add proper error handling here
 echo mysqli_error($dbname);
 exit;
}

if (mysqli_num_rows($res) === 0) {
 // wrong id
 // you know the drill
 echo 'no such ID';
 exit;
}

$post = mysqli_fetch_assoc($res); ?>
<!-- HTML HERE -->
<ul class="paginator">
 <!-- previous -->
 <?php if ($post['prev_id']): ?>
 <li class="previous">
   <a href="blog.php?id=<?= $post['prev_id'] ?>">&lt;</a>
 </li>
 <?php endif ?>

 <!-- next -->
 <?php if ($post['next_id']): ?>
 <li class="next">
   <a href="blog.php?id=<?= $post['next_id'] ?>">&gt;</a>
 </li>
 <?php endif ?>
</ul>


A bit too fast in the corners there, ignace? String-escaping an integer... :P

 

TobiasNielsen: Besides that unnecessary mysqli_real_escape_string () on the ID, I strongly recommend that you take his code into use. Not only that, but study it until you understand what every single line of it does, and (more importantly) why. ;)

 

Now, the only thing that his code didn't fix was your first issue, which you can do by using a little SQL "injection" of your own:

if (!isset ($_GET['id'])) {
  $id = 'MAX(ID)';
}

 

Though, this requires that you change the %2$d bit in the SQL string template with %2$s, and that you manually cast $_GET['id'] to an integer when fetching it. Otherwise you'll open yourself up to true SQL injections.


In my old script I used this

 

$tbl_name="blog";

 

Do I insert that line here

 

$dbname = mysqli_connect('host', 'user', 'pass', 'dbname');

 

or here

 

mysqli_real_escape_string($dbname, $table_name),

 

Thanks for the quick response. I'll look more deeply into the code when I get it to work.. although it looks pretty much beyond my skills >_<


Now, the only thing that his code didn't fix was your first issue, which you can do by using a little SQL "injection" of your own:

if (!isset ($_GET['id'])) {
  $id = 'MAX(ID)';
}

 

Though, this requires that you change the %2$d bit in the SQL string template with %2$s, and that you manually cast $_GET['id'] to an integer when fetching it. Otherwise you'll open yourself up to true SQL injections.

 

It's easy enough to modify my code without having to resort to "sql inject" yourself... The OP just needs to enclose the query part with an if/else.


Should I still use mysqli_real_escape_string(), or forget about that?

 

Not when the value is a number and you use it in combination with sprintf and %d (look that up in the manual by clicking on the previous link), which is what CF was trying to point out. Maybe, until you fully grasp PHP and how everything works, it's best if you use mysqli_real_escape_string on everything before inserting it into an SQL string.


Warning: sprintf() [function.sprintf]: Too few arguments in/home/a6952815/public_html/Content/Pages/Blog3.php on line 28

and

Warning: mysqli_query() [function.mysqli-query]: Empty query in/home/a6952815/public_html/Content/Pages/Blog3.php on line 30

 

The first warning means there are not enough arguments, which is when $_GET['id'] is missing, which is why you need to modify the code so that it encloses the querying part:

(The second is due to the first warning.)

 

// connect once, before the branch, so $dbname exists in both arms
$dbname = mysqli_connect('host', 'user', 'pass', 'dbname');
if (mysqli_connect_error()) {
   // todo add proper error handling here
   echo mysqli_connect_error();
   exit;
}

if (isset($_GET['id'])) {
   // get the specified post
   // (nowdoc, not double quotes: otherwise PHP interpolates the $s / $d in %1$s / %2$d)
   $sql = <<<'SQL'
     SELECT *,
      (SELECT max(id) FROM `%1$s` WHERE id < %2$d AND status = 'published') AS prev_id,
      (SELECT min(id) FROM `%1$s` WHERE id > %2$d AND status = 'published') AS next_id
     FROM `%1$s`
     WHERE id = %2$d AND status = 'published'
SQL;
   $stmt = sprintf($sql, mysqli_real_escape_string($dbname, $table_name), mysqli_real_escape_string($dbname, $_GET['id']));
} else {
   // get the latest post (published ones only, like the branch above)
   $sql = <<<'SQL'
     SELECT *,
       (SELECT max(id) FROM `%1$s` T2 WHERE T2.id < T1.id AND status = 'published') AS prev_id
     FROM `%1$s` T1
     WHERE status = 'published'
     ORDER BY id DESC
     LIMIT 1
SQL;
   $stmt = sprintf($sql, mysqli_real_escape_string($dbname, $table_name));
}

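Putting ignace's two answers together (the prev/next sub-selects, and "latest post when no id is given"), here is an added example that is not code from this thread: the same lookup done with mysqli prepared statements, so the id is bound as a typed parameter instead of being escaped or pasted into the SQL. It assumes a table `blog` with columns id, title and status (the names ignace used), placeholder connection details, and the mysqlnd driver (needed for get_result()).

```php
<?php
// Added example, not ignace's or the OP's code: the "given id or latest, with
// prev/next" lookup via mysqli prepared statements, so the id is bound as a
// parameter and never pasted into the SQL text. Assumes a table `blog` with
// columns id, title, status (ignace's names), placeholder credentials, mysqlnd.

function fetch_post(mysqli $db, ?int $id): ?array
{
    // Correlated sub-selects yield the neighbouring *published* ids or NULL at the
    // edges, so hidden/deleted rows are skipped and no link is emitted past the ends.
    $neighbours = "(SELECT MAX(id) FROM blog WHERE id < p.id AND status = 'published') AS prev_id,
                   (SELECT MIN(id) FROM blog WHERE id > p.id AND status = 'published') AS next_id";
    if ($id === null) {   // no id in the URL: newest published post (problem 1)
        $stmt = $db->prepare("SELECT p.*, $neighbours FROM blog p
                              WHERE p.status = 'published' ORDER BY p.id DESC LIMIT 1");
    } else {
        $stmt = $db->prepare("SELECT p.*, $neighbours FROM blog p
                              WHERE p.id = ? AND p.status = 'published'");
        $stmt->bind_param('i', $id);   // typed integer parameter, no string escaping
    }
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;   // null: no such published post
}

// Parse ?id=: absent -> latest post; present but not a positive integer -> reject.
$id = null;
if (isset($_GET['id'])) {
    $id = filter_var($_GET['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(404);
        exit('no such post');
    }
}

$db = new mysqli('host', 'user', 'pass', 'dbname');   // placeholder credentials
$post = fetch_post($db, $id);
if ($post === null) {
    http_response_code(404);
    exit('no such post');
}

// Escape output; emit a link only when a neighbour really exists (problem 2).
echo '<h2>', htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8'), '</h2>';
if ($post['prev_id'] !== null) {
    echo '<a href="?page=Blog2&amp;id=', (int) $post['prev_id'], '">Forrige indlæg</a> ';
}
if ($post['next_id'] !== null) {
    echo '<a href="?page=Blog2&amp;id=', (int) $post['next_id'], '">Nyere indlæg</a>';
}
```

Because the id is a bound parameter and the only SQL text comes from the script itself, there is nothing left for mysqli_real_escape_string to do here, which is the point Christian F. and ignace were debating above.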
