Where to find a safe search + pagination script


Tasos


Hello all, I am searching for a safe search script and pagination. I have searched the web for days to find what I want but nothing. Does somebody know where to find a free script or one to buy?

I already have a script but it is not safe; I can hack my own website.

Thanks.


if you could not find a script that has the search and pagination features you want and was secure, what makes you think someone on a forum knows what search and pagination features you were looking for? and no, that's not a suggestion for you to list the features you want. we are not here to find things for you (you would hire a personal assistant for that). the point of programming help forums is to help you with problems in your code.

why not spend your time fixing your existing code? if you post it and state what method you were able to use to 'hack' your site, someone in this programming help forum will likely give suggestions on how to fix the problem.


Here is the complete script....

<?php include 'extern/connect.php';

  $categories = file_get_contents('extern/categories.php');
  $footer = file_get_contents('extern/footer.php');
  $logo = file_get_contents('extern/logo.php');
  $report = file_get_contents('extern/report.php');
 ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="keywords" content="//////" />
<meta name="description" content="/////" />
<title>///////</title>
<link rel="shortcut icon" href="images/favicon.ico"  />
<link rel="stylesheet" type="text/css" href="/css/style.css" />
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/css/ie-style.css" />
<![endif]-->

<script type="text/javascript" src="extern/stats.js" ></script>
<script type='text/javascript' src='ajax/jquery-1.8.1.js'></script>
		
		<script type="text/javascript">
			$(document).ready(function(){
				$('._bxn').click(function(){
					var file_id = $(this).attr('id');
					$.ajax({
						type: "POST",
						url: 'ajax/count.php',
						data: 'file_id=' + file_id
					});
				});
			});
		</script>
</head>
<body>
<div id="container">

<div id="header">
<div class="img"><?php echo $logo; ?></div>
<div id="form">
<form action='search.php' class='form-srch sr' method='GET'>
    <input type='text' name='search' placeholder='Search here...' required>
    <button type='submit' name='submit'>Search</button>
  </form> 
</div>
</div>
<div id="categories">
<?php echo $categories; ?>
</div>
<?php
// $search and $id come straight from the query string and are used below
// without any escaping: $search goes into the SQL LIKE clauses and into the
// HTML, $id into the LIMIT clause. This is the weakness the replies address.
$button = $_GET['submit'];
$search = $_GET['search'];
echo "<div id='containerbartop'>
<div id='dateadded'>Watch funny videos <b>$search</b> </div>
<div id='populair'><a href='populair.php'>Populair</a></div></div><div id='thumbcontainer'><ul class='mainv'>";
include 'extern/connectsearch.php';

// one "title LIKE" condition per search word, joined with AND
$search_exploded = explode(" ", $search);
$construct = "";
$x = 0;
foreach ($search_exploded as $funny)
{
    $x++;
    if ($x == 1)
        $construct .= "title LIKE '%$funny%'";
    else
        $construct .= " AND title LIKE '%$funny%'";
}

$constructs = "SELECT * FROM videos WHERE $construct";
$run = mysql_query($constructs);
$foundnum = mysql_num_rows($run);

if ($foundnum == 0)
    echo "Please try something else";

// $id is the row offset of the current page (0, 36, 72, ...), not a page number
$per_page = 36;
$id = $_GET['id'];
$max_pages = ceil($foundnum / $per_page);
if (!$id)
    $id = 0;
$getquery = mysql_query("SELECT * FROM videos WHERE $construct ORDER BY date DESC LIMIT $id, $per_page");

while ($runrows = mysql_fetch_assoc($getquery))
{
    echo '<li class="thumbcontent"><a href="' . $runrows['url'] . '" class="_bxn" id="' . $runrows['id'] . '" target="_blank"><img src="' . $runrows['thumbs'] . '" class="thumb" name="' . $runrows['title'] . '" alt="' . $runrows['title'] . '" title="' . $runrows['title'] . '" width="240" height="180" />
</a><span class="thumbreport"><a href="raport.php?url=' . $runrows['url'] . '&thumb=' . $runrows['thumbs'] . '&title=' . $runrows['title'] . '" target="_blank">Report</a></span><span class="duration">' . $runrows['duration'] . '</span><span class="out"><a href="' . $runrows['exlink'] . '">' . $runrows['ex'] . '</a></span></li>
';
}
?>
</ul>
</div>
<div id="containerbarbottom">
<?php
//Pagination: $prev and $next are row offsets; $adjacents is how many page links to show either side of the current page
echo "<center>";
$prev = $id - $per_page;
$next = $id + $per_page;

$adjacents = 5;
$last = $max_pages - 1;

if ($max_pages > 1)
{
    //previous button
    if (!($id <= 0))
        echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$prev'>Prev</a> </div>";

    //pages
    if ($max_pages < 7 + ($adjacents * 2))   //not enough pages to bother breaking it up
    {
        $i = 0;
        for ($counter = 1; $counter <= $max_pages; $counter++)
        {
            if ($i == $id) {
                echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$i'><font color=orange><b>$counter</b></font></a></div> ";
            }
            else {
                echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$i'>$counter</a></div> ";
            }
            $i = $i + $per_page;
        }
    }
    elseif ($max_pages > 5 + ($adjacents * 2))    //enough pages to hide some
    {
        //close to beginning; only hide later pages
        if (($id / $per_page) < 1 + ($adjacents * 2))
        {
            $i = 0;
            for ($counter = 1; $counter < 4 + ($adjacents * 2); $counter++)
            {
                if ($i == $id) {
                    echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$i'><font color=orange><b>$counter</b></font></a></div> ";
                }
                else {
                    echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$i'>$counter</a></div> ";
                }
                $i = $i + $per_page;
            }
        }
        //in middle; hide some front and some back
        elseif ($max_pages - ($adjacents * 2) > ($id / $per_page) && ($id / $per_page) > ($adjacents * 2))
        {
            // page 2 starts at offset $per_page
            echo " <div class='paginate'><a href='funny.php?search=$search&submit=search&id=0'>1</a></div> ";
            echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$per_page'>2</a> ....</div> ";

            $i = $id;
            for ($counter = ($id / $per_page) + 1; $counter < ($id / $per_page) + $adjacents + 2; $counter++)
            {
                if ($i == $id) {
                    echo " <div class='paginate'><a href='funny.php?search=$search&submit=search&id=$i'><font color=orange><b>$counter</b></font></a></div>";
                }
                else {
                    echo " <div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$i'>$counter</a></div> ";
                }
                $i = $i + $per_page;
            }
        }
        //close to end; only hide early pages
        else
        {
            echo " <div class='paginate'> <a href='funny.php?search=$search&submit=search&id=0'>1</a></div> ";
            echo " <div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$per_page'>2</a> ....</div> ";

            $i = $id;
            for ($counter = ($id / $per_page) + 1; $counter <= $max_pages; $counter++)
            {
                if ($i == $id) {
                    echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$i'><font color=orange><b>$counter</b></font></a></div>";
                }
                else {
                    echo " <div class='paginate'><a href='funny.php?search=$search&submit=search&id=$i'>$counter</a></div> ";
                }
                $i = $i + $per_page;
            }
        }
    }

    //next button
    if (!($id >= $foundnum - $per_page))
        echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$next'>Next</a></div> ";
}
echo "</center>";
?>

</div>
<div id="reclame">

<iframe src="ifr.html" height="275" width="1050" frameborder="0" scrolling="no"></iframe>

</div>

<div id="footer">
<?php echo $footer; ?></div>

</div>
</body>
</html>
Edited by Tasos

This is what I changed from line 54:

$search = mysql_real_escape_string(htmlentities(trim($_POST['search'])));
$search = preg_split('/[\s]+/', $search);

But this is not working. What is wrong here? Please help me. Can I also make the pagination link

<a href='funny.php?search=$search&submit=search&id=$prev'>Prev</a> </div>";

into php server self?


you should only use your database escape function on string data that goes into a database query. by escaping the $search variable, you are messing up all the other places that $search is used. also, by splitting/exploding what is in $search and putting that back into the $search variable, you are messing up all the other places that $search is used.

 

you should only use htmlentities on data you are outputting to the browser. it should not be used on data you are putting into a database query.

Edited by mac_gyver
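The reply's advice, as an added example that is not from the thread: keep the raw $search untouched, derive a query-side copy bound through PDO placeholders and an output-side copy through htmlspecialchars, and validate $id as an integer. It assumes an open PDO connection in a hypothetical $pdo and the same videos table and GET parameters as the posted script; the Prev/Next links also show the $_SERVER['PHP_SELF'] form asked about above.

```php
<?php
// Assumes $pdo is an open PDO connection (hypothetical name) to the same database.
$search   = isset($_GET['search']) ? trim($_GET['search']) : '';
$per_page = 36;
$id       = isset($_GET['id']) ? max(0, (int) $_GET['id']) : 0;  // row offset, integers only
// Query side: one bound placeholder per word. The LIKE wildcards % and _ are
// escaped so a user typing them searches for the literal characters.
$words      = preg_split('/\s+/', $search, -1, PREG_SPLIT_NO_EMPTY);
$conditions = array();
$params     = array();
foreach ($words as $word) {
    $conditions[] = 'title LIKE ?';
    $params[]     = '%' . addcslashes($word, '%_\\') . '%';
}
$where = $conditions ? implode(' AND ', $conditions) : '1';
$count = $pdo->prepare("SELECT COUNT(*) FROM videos WHERE $where");
$count->execute($params);
$foundnum = (int) $count->fetchColumn();
// LIMIT values must be bound as integers, so bind every parameter by position.
$stmt = $pdo->prepare("SELECT * FROM videos WHERE $where ORDER BY date DESC LIMIT ?, ?");
foreach ($params as $i => $p) {
    $stmt->bindValue($i + 1, $p, PDO::PARAM_STR);
}
$stmt->bindValue(count($params) + 1, $id, PDO::PARAM_INT);
$stmt->bindValue(count($params) + 2, $per_page, PDO::PARAM_INT);
$stmt->execute();
// Output side: the raw $search is untouched; escape a copy at the point of output.
$search_html = htmlspecialchars($search, ENT_QUOTES, 'UTF-8');
echo "<div id='dateadded'>Watch funny videos <b>$search_html</b></div><ul class='mainv'>";
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $title = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
    $url   = htmlspecialchars($row['url'], ENT_QUOTES, 'UTF-8');
    echo "<li class=\"thumbcontent\"><a href=\"$url\" target=\"_blank\">$title</a></li>";
}
echo '</ul>';
// Pagination links: http_build_query URL-encodes $search, the offsets come from
// the validated integer $id, and the script path comes from PHP_SELF (escaped too).
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
if ($id > 0) {
    $q = http_build_query(array('search' => $search, 'submit' => 'search', 'id' => max(0, $id - $per_page)));
    echo "<div class='paginate'><a href='$self?" . htmlspecialchars($q, ENT_QUOTES, 'UTF-8') . "'>Prev</a></div>";
}
if ($id + $per_page < $foundnum) {
    $q = http_build_query(array('search' => $search, 'submit' => 'search', 'id' => $id + $per_page));
    echo "<div class='paginate'><a href='$self?" . htmlspecialchars($q, ENT_QUOTES, 'UTF-8') . "'>Next</a></div>";
}
```

Because the SQL only ever contains the fixed text "title LIKE ?", the number of words in $search changes how many placeholders are bound but never what the statement says.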
