PHP Development
 
#1
December 2nd, 2012, 04:48 PM
jadeallencook
PHP Increment/Decrement

This might sound a bit noobish but I am having trouble creating an increment/decrement button. So basically, I created a website that uses Tumblr feed to view photos that I've tagged. For example, if I pass a variable called "nav" that equals california, it will show all of my photos from california by using this code.

Code:
<?php
$location = $_GET['nav'];
echo "<script src='http://myblog.tumblr.com/tagged/" . $_REQUEST["nav"] . "/js' type='text/javascript'></script>";
?>


But the problem I am having is that it only shows the first 10 photos and in order for me to view the next page I have to add this into the code.

Code:
<?php
$location = $_GET['nav'];
echo "<script src='http://myblog.tumblr.com/tagged/" . $_REQUEST["nav"] . "/page/2/js' type='text/javascript'></script>";
?>


And so on...

I want to be able to add a button to change the variable after "page/". And another thing is, the first page cannot read "page/1", because when I do it doesn't show anything. So the first page has to be the first script, and then after they press a "next" button, it has to go to the second code. I've gotten this so far:

Code:
<?php
$location = $_REQUEST['nav'];
$page = $_POST['page'];
if (isset($_POST['next']))
{
   $page++;
}
else if (isset($_POST['previous']))
{
   $page--;
}

if ($page <= 1)
{
   echo "<script src='http://myblog.tumblr.com/tagged/" . $_REQUEST["job"] . "/js' type='text/javascript'></script>";
}
else
{
   echo "<script src='http://myblog.tumblr.com/tagged/" . $_REQUEST["job"] . "page/" . $page . "/js' type='text/javascript'></script>";
}
?>

<form method="POST">
<input type="hidden" name="navigation" value="location" />
<input type="submit" name="previous" value="previous">
<input type="submit" name="next" value="next">
<input type="hidden" name="navigation" value="<?php echo $location; ?>" />
</form>


But nothing seems to work /:

#2
December 2nd, 2012, 04:58 PM
msteudel
You also need to pass the page variable along:

(I stripped a bunch of stuff out to test)

PHP Code:
<?php
echo '<pre>'; print_r( $_REQUEST );
$location = isset( $_REQUEST['nav'] ) ? $_REQUEST['nav'] : '';
$page = isset( $_POST['page'] ) ? $_POST['page'] : '0';
if (isset($_POST['next']))
{
   $page++;
}
else if (isset($_POST['previous']))
{
   $page--;
}

if ($page <= 1)
{
   echo "http://myblog.tumblr.com/tagged/" . $_REQUEST["job"] . "/js";
}
else
{
   echo "http://myblog.tumblr.com/tagged/" . $_REQUEST["job"] . "page/" . $page . "/js";
}

echo $page . '<br />';
?>

<form method="POST">
<input type="hidden" name="navigation" value="location" />
<input type="submit" name="previous" value="previous">
<input type="submit" name="next" value="next">
<input type="hidden" name="page" value="<?php echo $page ?>" />
<input type="hidden" name="navigation" value="<?php echo $location?>" />
</form>
Comments on this post
Jacques1 disagrees: Ever heard of XSS?

#3
December 14th, 2012, 08:40 PM
jadeallencook
Quote:
Originally Posted by msteudel
You also need to pass the page variable along:

(I stripped a bunch of stuff out to test)

PHP Code:
<?php
echo '<pre>'; print_r( $_REQUEST );
$location = isset( $_REQUEST['nav'] ) ? $_REQUEST['nav'] : '';
$page = isset( $_POST['page'] ) ? $_POST['page'] : '0';
if (isset($_POST['next']))
{
   $page++;
}
else if (isset($_POST['previous']))
{
   $page--;
}

if ($page <= 1)
{
   echo "http://myblog.tumblr.com/tagged/" . $_REQUEST["job"] . "/js";
}
else
{
   echo "http://myblog.tumblr.com/tagged/" . $_REQUEST["job"] . "page/" . $page . "/js";
}

echo $page . '<br />';
?>

<form method="POST">
<input type="hidden" name="navigation" value="location" />
<input type="submit" name="previous" value="previous">
<input type="submit" name="next" value="next">
<input type="hidden" name="page" value="<?php echo $page ?>" />
<input type="hidden" name="navigation" value="<?php echo $location?>" />
</form>


Now all I'm getting is this when I open the page:

Code:
Array
(
    [job] => jobname
)
http://mybblog.tumblr.com/tagged/jobname/js0


No images, just the layout and that in plain text for some reason.

#4
December 15th, 2012, 05:02 AM
Jacques1
Hi,

yeah, msteudel changed the code to make debugging easier. All you need to do is copy the forgotten "page" input into your code.

But before you do anything else, you need to fix some giant security holes. Both of you happily dumped the user input into the HTML markup, making the page vulnerable to XSS attacks. Any value you "echo" or "print" or output in any way must be escaped first with htmlentities(). Otherwise I could inject JavaScript via the URL, share the link with other users and then use the script to "capture" their browser (I could steal their cookies, redirect them to any page I want etc.).
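
Added example (not part of Jacques1's post or of any code posted in this thread): a hardened version of the paginator that validates the tag and page number, URL-encodes the tag as a path segment, and HTML-escapes everything it outputs. The host and the "nav"/"page" parameter names come from the thread; the helper names `e()` and `tag_feed_url()`, the tag allow-list pattern and the 400 response are assumptions, and `htmlspecialchars()` is used in place of the `htmlentities()` call recommended above.

```php
<?php
// Added example: the host and the "nav"/"page" parameters come from the
// thread; the helper names and the tag allow-list are assumptions.

// Escape a value for HTML text or a quoted attribute (both quote styles).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the Tumblr feed URL from an already validated tag and page number.
function tag_feed_url(string $tag, int $page): string
{
    $url = 'http://myblog.tumblr.com/tagged/' . rawurlencode($tag);
    if ($page > 1) {                 // page 1 has no "/page/N" segment
        $url .= '/page/' . $page;
    }
    return $url . '/js';
}

// Validate instead of trusting: the tag must match the allow-list.
$tag = $_GET['nav'] ?? '';
if (!is_string($tag) || !preg_match('/\A[A-Za-z0-9 _-]{1,64}\z/', $tag)) {
    http_response_code(400);
    exit('Invalid tag');
}

// The page must be a positive integer; anything else falls back to 1.
$page = filter_var($_POST['page'] ?? 1, FILTER_VALIDATE_INT,
    ['options' => ['default' => 1, 'min_range' => 1]]);
if (isset($_POST['next'])) {
    $page++;
} elseif (isset($_POST['previous'])) {
    $page = max(1, $page - 1);       // never go below the first page
}
?>
<script src="<?= e(tag_feed_url($tag, $page)) ?>" type="text/javascript"></script>
<form method="POST" action="?nav=<?= e(rawurlencode($tag)) ?>">
  <input type="hidden" name="page" value="<?= e((string) $page) ?>">
  <input type="submit" name="previous" value="previous">
  <input type="submit" name="next" value="next">
</form>
```

`ENT_QUOTES` matters here: before PHP 8.1 the default flags of `htmlentities()` and `htmlspecialchars()` leave single quotes unescaped, and the script tags in this thread use single-quoted attributes.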

#5
December 15th, 2012, 11:18 AM
msteudel
Sorry! I never do that for examples, and I should ... thanks for keeping us honest and secure!

#6
December 19th, 2012, 05:25 PM
jadeallencook
I guess I don't get what you're saying, I can't seem to find the missing "page" code. It looks like everything is still there.

#7
December 19th, 2012, 08:56 PM
Jacques1
Compare msteudel's form with yours. His form has 5 input elements, yours only 4. Why? Because you forgot the input for the page.

Either add this input to your own form. Or rewrite his code to output the "script" elements again (instead of just the URLs).
