#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    5
    Rep Power
    0

    PHP Increment/Decrement


    This might sound a bit noobish but I am having trouble creating a increment/decrement button. So basically, I created a website that uses Tumblr feed to view photos that I've tagged. For example, if I pass a variable called "nav" that equals california, it will show all of my photos from california by using this code.

    Code:
    <?php
    $location = $_GET['nav'];
    echo "<script src='http://myblog.tumblr.com/tagged/" . $_REQUEST["nav"] . "/js' type='text/javascript'></script>";
    ?>
    But the problem I am having is that it only shows the first 10 photos and in order for me to view the next page I have to add this into the code.

    Code:
    <?php
    $location = $_GET['nav'];
    echo "<script src='http://myblog.tumblr.com/tagged/" . $_REQUEST["nav"] . "/page/2/js' type='text/javascript'></script>";
    ?>
    And so on...

    I want to be able to add a button to change the variable after "page/". And another thing is, the first page cannot read "page/1", because when I do it doesn't show anything. So the first page has to be the first script, and then after they press a "next" button, it has to go to the second code. I've gotten this so far:

    Code:
    <?php
    $location = $_REQUEST['nav'];
    $page = $_POST['page'];
    if (isset($_POST['next']))
    {
       $page++;
    }
    else if (isset($_POST['previous']))
    {
       $page--;
    }
    
    if ($page <= 1)
    {
       echo "<script src='http://myblog.tumblr.com/tagged/" . $_REQUEST["job"] . "/js' type='text/javascript'></script>";
    }
    else
    {
       echo "<script src='http://myblog.tumblr.com/tagged/" . $_REQUEST["job"] . "page/" . $page . "/js' type='text/javascript'></script>";
    }
    ?>
    
    <form method="POST">
    <input type="hidden" name="navigation" value="location" />
    <input type="submit" name="previous" value="previous">
    <input type="submit" name="next" value="next">
    <input type="hidden" name="navigation" value="<?php echo $location; ?>" />
    </form>
    But nothing seems to work /:
  2. #2
  3. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Sep 2002
    Location
    Seattle, U.S.A.
    Posts
    712
    Rep Power
    12
    You also need to pass the page variable along:

    (I stripped a bunch of stuff out to test)

    PHP Code:
    <?php
    echo '<pre>';print_r$_REQUEST );
    $location = isset( $_REQUEST['nav'] ) ? $_REQUEST['nav'] : '';
    $page = isset( $_POST['page'] ) ? $_POST['page'] : '0';
    if (isset(
    $_POST['next']))
    {
       
    $page++;
    }
    else if (isset(
    $_POST['previous']))
    {
       
    $page--;
    }

    if (
    $page <= 1)
    {
       echo 
    "http://myblog.tumblr.com/tagged/" $_REQUEST["job"] . "/js";
    }
    else
    {
       echo 
    "http://myblog.tumblr.com/tagged/" $_REQUEST["job"] . "page/" $page "/js";
    }

    echo 
    $page '<br />';
    ?>

    <form method="POST">
    <input type="hidden" name="navigation" value="location" />
    <input type="submit" name="previous" value="previous">
    <input type="submit" name="next" value="next">
    <input type="hidden" name="page" value="<?php echo $page ?>" />
    <input type="hidden" name="navigation" value="<?php echo $location?>" />
    </form>

    Comments on this post

    • Jacques1 disagrees : Ever heard of XSS?
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    5
    Rep Power
    0
    Originally Posted by msteudel
    You also need to pass the page variable along:

    (I stripped a bunch of stuff out to test)

    PHP Code:
    <?php
    echo '<pre>';print_r$_REQUEST );
    $location = isset( $_REQUEST['nav'] ) ? $_REQUEST['nav'] : '';
    $page = isset( $_POST['page'] ) ? $_POST['page'] : '0';
    if (isset(
    $_POST['next']))
    {
       
    $page++;
    }
    else if (isset(
    $_POST['previous']))
    {
       
    $page--;
    }

    if (
    $page <= 1)
    {
       echo 
    "http://myblog.tumblr.com/tagged/" $_REQUEST["job"] . "/js";
    }
    else
    {
       echo 
    "http://myblog.tumblr.com/tagged/" $_REQUEST["job"] . "page/" $page "/js";
    }

    echo 
    $page '<br />';
    ?>

    <form method="POST">
    <input type="hidden" name="navigation" value="location" />
    <input type="submit" name="previous" value="previous">
    <input type="submit" name="next" value="next">
    <input type="hidden" name="page" value="<?php echo $page ?>" />
    <input type="hidden" name="navigation" value="<?php echo $location?>" />
    </form>
    Now all I'm getting is this when I open the page:

    Code:
    Array
    (
        [job] => jobname
    )
    http://mybblog.tumblr.com/tagged/jobname/js0
    No images, just the layout and that in plain text for some reason.
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,925
    Rep Power
    1045
    Hi,

    yeah, msteudel changed the code to make debugging easier. All you need to do is copy the forgotten "page" input into your code.

    But before you do anything else, you need to fix some giant security holes. Both of you happily dumped the user input into the HTML markup, making the page vulnerable to XSS attacks. Any value you "echo" or "print" or output in any way must be escaped first with htmlentities(). Otherwise I could inject JavaScript via the URL, share the link with other users and then use the script to "capture" their browser (I could steal their cookies, redirect them to any page I want etc.).
  8. #5
  9. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Sep 2002
    Location
    Seattle, U.S.A.
    Posts
    712
    Rep Power
    12
    Sorry! I never do that for examples, and I should ... thanks for keeping us honest and secure!
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    5
    Rep Power
    0
    I guess I don't get what you're saying, I can't seem to find the missing "page" code. It looks like everything is still there.
  12. #7
  13. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,925
    Rep Power
    1045
    Compare msteudel's form with yours. His form has 5 input elements, yours only 4. Why? Because you forgot the input for the page.

    Either add this input to your own form. Or rewrite his code to output the "script" elements again (instead of just the URLs).

IMN logo majestic logo threadwatch logo seochat tools logo