
I am trying to get all the items that are loaded (after clicking load more) to be sorted out according to the filter settings that were submitted beforehand. I have all the settings being displayed in the URL, as the form is submitted with GET.

For some reason, I cannot retrieve the settings from the URL using GET after the form is submitted and load more is clicked. Any idea why?

This query sorts out all the results:

<div class="main_page">
    <?php

    $res = mysql_query("SELECT * FROM posts WHERE ".$search_query." ".$lowest_price." ".$highest_price." ".$ad_order." ".$limit."");

    if($res && mysql_num_rows($res) > 0){
        while($row = mysql_fetch_assoc($res)){
            $date = $row['date'];
            // one div per row; the load more script reads the id of the last one
            echo '<div class="ad_display" id="'.$date.'">blabla</div>';
        }
    }
    ?>
</div>

In the loadmore.php, there is the exact same div but it is sorted out like so:

$res = mysql_query("SELECT * FROM posts WHERE `date` < '".mysql_real_escape_string($_GET['id'])."' ORDER BY `date` DESC LIMIT 10");

and of course the load more button script:

<script type="text/javascript">
$(document).ready(function(){
    $(".load_more").click(function (){
        $('.load_more').html('<img src="images/ajax-loader.gif" />');
        $.ajax({
            url: "loadmore.php?id=" + $(".ad_display:last").attr("id"),
            success: function(html){
                if(html){
                    $(".main_page").append(html);
                    $('.load_more').html('Load More');
                }else{
                    $('.load_more').replaceWith('No more posts');
                }
            }
        });
    });
});
</script>

<button class="load_more">Load More</button>

Any help is much appreciated!

UPDATE:

if(isset($_GET['search'])){
    $searchq = $_GET['search'];
    $searchq = sanitize(preg_replace("#[^0-9a-z]#i","",$searchq));
    $search_query = "AND (title LIKE '%".$searchq."%' OR description LIKE '%".$searchq."%')";
}
Gadgetster
  • Where is `$search_query` etc. defined? – Paul Dessert Feb 27 '14 at 23:02
  • What form? And in `loadmore.php`, the ordering seems to be static, so why do you expect the results to be ordered by anything else than `date` as you specified there? – CBroe Feb 27 '14 at 23:12
  • updated the code above with the search_query. And @CBroe yes I know but I tried simply echo $_GET['search_query'] and it will tell me undefined variable – Gadgetster Feb 27 '14 at 23:14
  • Your code has SQL Injection vulnerabilities. See [How can I prevent SQL injection in PHP?](http://stackoverflow.com/q/60174) – Madara's Ghost Feb 27 '14 at 23:18
  • The updated code is what goes into $res once the form is submitted.. sorry there is a lot of code so it's hard not to miss parts here and there and I try not to make a giant page of code when I am asking here – Gadgetster Feb 27 '14 at 23:27
  • Well your `$search_query` variable does only get set when there is a GET parameter named `search`, I assume – but you are not passing any such parameter in your AJAX request, so … – CBroe Feb 28 '14 at 12:39

1 Answer

$res = mysql_query("SELECT * FROM posts WHERE `date` < '".mysql_real_escape_string($_GET['id'])."' ORDER BY `date` DESC LIMIT 10");

In the line above from loadmore.php you have one single, static ordering statement: ORDER BY date DESC.

The code you provided does not make it clear, but I presume $ad_order contains the ordering you're using on the main page and the ordering you'd like to use within loadmore.php. However this is computed from the query string, so you need to pass the values into loadmore.php and duplicate the code in there. For example, if your main page has this:

// main-page.php?order1=X&order2=Y

$ad_order = "Some kind of computation with the values from the query string";

Then you also need to have that code inside loadmore.php, and you need to modify your two scripts, like this...

// loadmore.php

$ad_order = "The same computation with values from the query string";

$res = mysql_query("SELECT * FROM posts WHERE `date` < '".mysql_real_escape_string($_GET['id'])."' " . $ad_order . " LIMIT 10");

...and this...

// Loading function in JavaScript

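<script type="text/javascript">
    $(document).ready(function(){
        $(".load_more").click(function (){
            $('.load_more').html('<img src="images/ajax-loader.gif" />');
            $.ajax({
                // URL-encode the echoed values so they cannot break out of the JavaScript string
                url: "loadmore.php?order1=<?= rawurlencode(isset($_GET['order1']) ? $_GET['order1'] : '') ?>&order2=<?= rawurlencode(isset($_GET['order2']) ? $_GET['order2'] : '') ?>&id=" + $(".ad_display:last").attr("id")
            });
        });
    });
</script>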

This is a GENERIC example of what the solution should be - there's not enough detail in your question for me to be exact, so you'll need to change variable names and the $ad_order code to make it work with your script.

Also, as Second Rikudo said above, your code is vulnerable to SQL-injection. You should have a read of the article that was linked to.

Mark Ormesher
  • For the jQuery code, that will only work if the user chose filters, but if not then there are no variables after index.php to pass into $_GET. I tried doing what you said before with the "The same computation with values ..." to be passed into the loadmore.php page using the $_GET function, but it didn't work for some reason. As far as what $ad_order is, it is just if(isset($_GET['ad_order']) && $_GET['ad_order'] === "1"){$ad_order = "ORDER BY `date` DESC";... and so on, just different combinations of displaying the posts – Gadgetster Mar 01 '14 at 20:49
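
An added example, not code from the question or the answer: one way loadmore.php can apply the same `ad_order` and `search` filters without concatenating request values into SQL, using PDO prepared statements (the `mysql_*` extension was removed in PHP 7). The function name, the second ordering key, the in-memory SQLite table and the sample request are assumptions made for illustration.

```php
<?php
// Added sketch of loadmore.php: filters come from the query string, but only
// as bound parameters or as a key that selects a fixed SQL fragment.
function build_loadmore_query(array $get): array
{
    // ORDER BY cannot be a bound parameter, so map the request value onto
    // fixed fragments. Key '1' is from the thread; key '2' is hypothetical.
    $orders = [
        '1' => ['sql' => 'ORDER BY `date` DESC', 'cmp' => '<'],
        '2' => ['sql' => 'ORDER BY `date` ASC',  'cmp' => '>'],
    ];
    $str = function ($k) use ($get) {          // accept scalar strings only
        return isset($get[$k]) && is_string($get[$k]) ? $get[$k] : '';
    };
    $order  = $orders[$str('ad_order')] ?? $orders['1'];   // unknown: default
    $where  = ['`date` ' . $order['cmp'] . ' :cursor'];
    $params = [':cursor' => $str('id')];

    if ($str('search') !== '') {
        // Escape LIKE wildcards so the term matches literally.
        $term = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $str('search'));
        $where[] = "(title LIKE :s1 ESCAPE '!' OR description LIKE :s2 ESCAPE '!')";
        $params[':s1'] = $params[':s2'] = '%' . $term . '%';
    }
    $sql = 'SELECT * FROM posts WHERE ' . implode(' AND ', $where)
         . ' ' . $order['sql'] . ' LIMIT 10';
    return [$sql, $params];
}

// Constructed in-memory data so the sketch runs offline (the site uses MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (title TEXT, description TEXT, `date` TEXT)');
$pdo->exec("INSERT INTO posts VALUES
    ('Red bike',  'city bike', '2014-02-25 09:00:00'),
    ('Sofa',      '100% wool', '2014-02-26 09:00:00'),
    ('Bike rack', 'for cars',  '2014-02-27 09:00:00')");

// Constructed request, used when the script is run from the CLI.
$request = $_GET ?: ['ad_order' => '1', 'search' => '100%',
                     'id' => '2014-02-28 00:00:00'];
[$sql, $params] = build_loadmore_query($request);
$stmt = $pdo->prepare($sql);
$stmt->execute($params);

foreach ($stmt as $row) {   // escape on output: the value lands in an attribute
    $id = htmlspecialchars($row['date'], ENT_QUOTES, 'UTF-8');
    echo '<div class="ad_display" id="' . $id . '">blabla</div>' . "\n";
}
```

The comparison operator flips with the sort direction so the `id` cursor keeps paging forward in whichever order the main page used.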