You need to add a LIMIT
clause to your MySQL query. This is as simple as:
SELECT * FROM hdticket WHERE id = :ticknum LIMIT 0, 10
This will fetch ten records, starting from the beginning (imagining your records are zero index–based). The first number is when to start fetching from, and the second number is how many thereafter to fetch. So from 0, it’s fetching the next ten records. This would be page 1.
To get subsequent pages of records, you only need to increment the first number. So, to get page two, you would need to start counting from 10, and fetch the next 10 records. This query would look like this:
SELECT * FROM hdticket WHERE id = :ticknum LIMIT 10, 10
And then page 3:
SELECT * FROM hdticket WHERE id = :ticknum LIMIT 20, 10
And so on. Hopefully you can see the pattern emerging.
As you’re using $_GET
parameters, you could then just tailor your URLs to page your records. So a URL of http://intranet/index.php?page=2 would give:
<?php
$page = intval($_GET['page']);
$limit = 10;
$offset = (($page - 1) * $limit);
$sql = "SELECT * FROM hdticket WHERE id = :ticknum LIMIT $offset, $limit";
Hope this helps.
Also, a couple of asides. Don’t use the mysql_
functions as they’re deprecated. You can see this from the official manual page: http://php.net/manual/en/function.mysql-query.php.
Furthermore, your code is vulnerable to SQL injection attacks, because you’re taking what’s in the URL and using it in the SQL query directly. This is all good and well if you’re putting numbers for pagination in there, but if someone nefarious puts SQL in the URL, they can do all sorts of things such as truncating your tables or your entire database, and it will happen because you’re just passing it through without checking it.
To combat this, you can prepare variables in SQL statements if you use an alternative to the mysql_
functions, like PDO. Your code would look something like this:
<?php
$sql = "SELECT * FROM hdticket WHERE id = :ticknum LIMIT :offset, :limit";
$stmt = $pdo->prepare($sql);
$stmt->bindParam(':ticknum', $ticknum, PDO::PARAM_INT);
$stmt->bindParam(':offset', $offset, PDO::PARAM_INT);
$stmt->bindParam(':limit', $limit, PDO::PARAM_INT);
$stmt->execute();
This ensures that the data passed to your SQL string is what you expect, and automatically escaped to prevent SQL injection.