#1
    PHP Numbered Navigation System Issue


    Hello!

    I am working on a numbered PHP system, for example, look at the bottom of this page: http://tjyouschak.me/dev/mc_stats/cplb.php

    I am trying to display the numbers like this:

    1 2 3 4 ... 1102 1103 1104 1105

    Now, for the PHP code, this is where I am confused on how to do this.

    I currently have the following for displaying the numbers, in list form.
    PHP Code:
    function getNumberOfPages() {

        if (isset($_GET['sortBy']) && isset($_GET['ordering'])) {
            $sort = $_GET['sortBy'];
            $order = $_GET['ordering'];

            $serversPerPage = 15;
            $numrows = mysql_num_rows(mysql_query("SELECT * FROM ControlPointStats"));
            $totalRows = $numrows / $serversPerPage;
            for ($i = 1; $i <= $totalRows; $i++) {
                $active = (isset($_GET['pagenumber']) && $_GET['pagenumber'] == $i ? "active" : "");
                echo "<li class=\"" . $active . "\">" . "<a href=\"./cplb.php?pagenumber=" . "$i" . "&sortBy=" . $sort . "&ordering=" . $order . "\">" . "$i" . "</a>" . "</li>";
            }

        } else {
            $serversPerPage = 15;
            $numrows = mysql_num_rows(mysql_query("SELECT * FROM ControlPointStats"));
            $totalRows = $numrows / $serversPerPage;
            for ($i = 1; $i <= $totalRows; $i++) {
                $active = (isset($_GET['pagenumber']) && $_GET['pagenumber'] == $i ? "active" : "");
                echo "<li class=\"" . $active . "\">" . "<a href=\"./cplb.php?pagenumber=" . "$i" . "\">" . "$i" . "</a>" . "</li>";
            }

        }
    }




    Now what would I have to do to do what I am trying to do?

    Many thanks in advance.

    BTW, yes I know the methods are depreciated.
  2. #2
    Hi,

    your "numbered PHP system" is called pagination. I guess what you're asking is how to display the dots in case you have more than 9(?) pages.

    Well, the logic is pretty simple: Don't display more than 9 pages. And if you have more, then display a "..." instead of the page in the middle.

    Code:
    max_pages := 9  # don't show more than 9 pages
    displayed_pages := min(pages, max_pages)
    has_hidden_pages := displayed_pages < pages
    
    for p := 1 to display_pages:
    	middle_index := floor(display_pages / 2) + 1
    	if has_hidden_pages and p = middle_index
    		print "..."
    	else
    		print p
    Originally Posted by tjswebdev
    BTW, yes I know the methods are depreciated.
    What's even worse is that you still don't escape the user input. Your code is wide open to cross-site scripting through the URL parameters (sortby and ordering). Anybody with even modest JavaScript skills could use this right now to attack your users and steal their cookies, have them download malware or whatever.

    You must start thinking about security. Otherwise, you'll be in deep trouble when your site goes online.
    The 6 worst sins of security • How to (properly) access a MySQL database with PHP

    Why can't I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
    Originally Posted by Jacques1
    Hi,

    your "numbered PHP system" is called pagination. I guess what you're asking is how to display the dots in case you have more than 9(?) pages.

    Well, the logic is pretty simple: Don't display more than 9 pages. And if you have more, then display a "..." instead of the page in the middle.

    Code:
    max_pages := 9  # don't show more than 9 pages
    displayed_pages := min(pages, max_pages)
    has_hidden_pages := displayed_pages < pages
    
    for p := 1 to display_pages:
    	middle_index := floor(display_pages / 2) + 1
    	if has_hidden_pages and p = middle_index
    		print "..."
    	else
    		print p

    What's even worse is that you still don't escape the user input. Your code is wide open to cross-site scripting through the URL parameters (sortby and ordering). Anybody with even modest JavaScript skills could use this right now to attack your users and steal their cookies, have them download malware or whatever.

    You must start thinking about security. Otherwise, you'll be in deep trouble when your site goes online.
    Thanks for the reply.

    1.) What does the pages, displayed_pages and display_pages stand for?
    2.) Is that going to display the "..." for every page in between?
    3.) Is the above code in PHP, or do I have to translate?
    4.) I am doing the security fix now.

    Thanks.
  6. #4
    Originally Posted by tjswebdev
    1.) What does the pages, displayed_pages and display_pages stand for?
    pages is the actual number of pages, and displayed_pages is the number of pages to show. display_pages is a typo, it should also read displayed_pages.



    Originally Posted by tjswebdev
    2.) Is that going to display the "..." for every page in between?
    Not sure what you mean. It displays at most 9 buttons, and if there are more than 9 pages, it displays a "..." in the middle.



    Originally Posted by tjswebdev
    3.) Is the above code in PHP, or do I have to translate?
    Does it look like PHP? It's pseudo code.



    Originally Posted by tjswebdev
    4.) I am doing the security fix now.
    Great.
  8. #5
    Thanks for the fast reply.

    So would this be correct?

    PHP Code:

    $max_pages = 9;  // don't show more than 9 pages
    $displayed_pages = min(pages, max_pages);
    $has_hidden_pages = (displayed_pages < pages);

    for (1 to displayed_pages) {
        middle_index = (floor(display_pages / 2) + 1);
        if (has_hidden_pages and middle_index) {
            print "...";
        } else {
            print p;
        }

    Thanks.
  10. #6
    That's half PHP, half pseudo code.

    Don't translate the code. The reason I used pseudo code instead of PHP was that I did not want to just hand out some code for you to copypaste. Read the code, understand it and then write your own PHP implementation.
  12. #7
    Originally Posted by Jacques1
    That's half PHP, half pseudo code.

    Don't translate the code. The reason I used pseudo code instead of PHP was that I did not want to just hand out some code for you to copypaste. Read the code, understand it and then write your own PHP implementation.
    Okay. Sounds good. I was just checking.
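
Added example, not part of the thread and not either poster's code: one way to render the pagination list from post #1 in the "1 2 3 4 ... 1102 1103 1104 1105" layout without the cross-site scripting hole pointed out in post #2. The entries in `SORT_COLUMNS` are hypothetical column names, and the row count and request array at the bottom are constructed sample input.

```php
<?php
// Added example. Allow-list entries are assumptions, not taken from the thread.
const SORT_COLUMNS = ['name', 'points', 'captures']; // hypothetical column names
const ORDERINGS    = ['asc', 'desc'];

/** Page numbers to show: first $edge and last $edge; null marks the "..." gap. */
function pageWindow(int $pages, int $edge = 4): array
{
    if ($pages <= 2 * $edge) {
        return $pages > 0 ? range(1, $pages) : [];
    }
    return array_merge(range(1, $edge), [null], range($pages - $edge + 1, $pages));
}

/** Return the request value only if it is an exact allow-list member, else null. */
function allowListed(array $query, string $key, array $allowed): ?string
{
    $value = $query[$key] ?? null;
    return is_string($value) && in_array($value, $allowed, true) ? $value : null;
}

function renderPagination(array $query, int $totalRows, int $perPage = 15): string
{
    $pages   = (int) ceil($totalRows / $perPage);   // ceil keeps the last partial page
    $current = filter_var($query['pagenumber'] ?? 1, FILTER_VALIDATE_INT,
        ['options' => ['default' => 1, 'min_range' => 1]]);
    $params = array_filter([
        'sortBy'   => allowListed($query, 'sortBy', SORT_COLUMNS),
        'ordering' => allowListed($query, 'ordering', ORDERINGS),
    ], fn($v) => $v !== null);

    $html = '';
    foreach (pageWindow($pages) as $p) {
        if ($p === null) {
            $html .= '<li class="disabled"><span>...</span></li>';
            continue;
        }
        // http_build_query URL-encodes values; htmlspecialchars escapes for the attribute.
        $href  = './cplb.php?' . http_build_query(['pagenumber' => $p] + $params);
        $class = $p === $current ? 'active' : '';
        $html .= sprintf('<li class="%s"><a href="%s">%d</a></li>',
            $class, htmlspecialchars($href, ENT_QUOTES, 'UTF-8'), $p);
    }
    return $html;
}

// Constructed request: sortBy carries markup that the original echo would emit verbatim.
$request = ['pagenumber' => '2', 'sortBy' => '"><b>injected', 'ordering' => 'desc'];
echo renderPagination($request, 16575); // 16575 rows / 15 per page = 1105 pages
```

The rejected `sortBy` value never reaches the output, and the `&` between parameters is emitted as `&amp;` inside the `href`. Apply the same allow-list before using `sortBy` or `ordering` in an `ORDER BY` clause, since identifiers cannot be bound as query parameters.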
