1

I'm working on a piece of code that does pagination for different sorting systems. It works for likes and outputs correctly, but does not work for the sorting system of tag.

 $sorting = $_GET["sorting"];

$per_page = 10;
$pages = $count_total->num_rows;
$total_pages = ceil($pages / $per_page);

if($sorting == "likes") {
      $count_total = $db2->query("SELECT * FROM likes WHERE user='$user'");
    }

if($sorting == "tag") {
     $tag_name = $_GET["tag_name"];
     $count_total = $db2->query("SELECT * FROM movie_tags WHERE tag_id='$tag_name'");
    }

$pages = $count_total->num_rows;
    $total_pages = ceil($pages / $per_page);

 $start = (($page - 1) * $per_page);



for($number=1;$number<=$total_pages;$number++) {
           if($page == $number) {
             echo '<div class="complete_page">'.$number.'</div>';
           } else {
             $sorting = $_GET["sorting"];
            echo '<a href="?page='.$number.'&sorting='.$sorting.'"> <div class="number_page">'.$number.'</div></a>';

           }
         }
         }

This is an example of how I'm using pagination:

$movie = $db2->query("SELECT * FROM movies ORDER BY likes DESC LIMIT $start, $per_page");

NOTE: When I echo $pages, both sorting systems generate values. In fact, tag has a value of 11. Why is this value not creating the pagination system. I know this is not a problem with the pagination system because it is working for the sorting system of likes.

  • [Just thought you should know that visiting `/?page=somesqlinjectionhere` could be very unfortunate.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Marty Mar 22 '16 at 04:24
  • True. My thought is I'm going to do SQL Injection and other security at the very end with a team of developers. I'm just a solo developer on this project right now... –  Mar 22 '16 at 04:25
  • I do not recommend leaving obvious and severe security problems until the end. – Marty Mar 22 '16 at 04:26
  • @Marty You're right. I'm a new developer and I'm picking up on new tricks and practices every day. –  Mar 22 '16 at 04:30

2 Answers2

1

try changing you query to:

$movie = $db2->query("SELECT * 
                       FROM movies 
                       ORDER BY likes DESC 
                       LIMIT $per_page 
                       OFFSET $start");

This should set the amount of lines to $per_page Starting from $start.

Sam Boyne
  • 71
  • 1
  • 6
  • Did not work. Please ignore my example of pagination. It's simply an example and does not directly relate to my problem. –  Mar 22 '16 at 04:34
  • $start = (($page - 1) * $per_page); Is this meant to be $pages rather than $page. I might be blind but I can't find where $page is initialised. – Sam Boyne Mar 22 '16 at 04:46
  • This is meant to be like this. You are right that I skipped $page. $page is simply GET the page portion of the url: movies.php?page=1 –  Mar 22 '16 at 04:49
1

You should try to remove the 2 single quotes around $tag_name in your SQL query. I mean: 

$count_total = $db2->query("SELECT * FROM movie_tags WHERE tag_id=".$tag_name);

Since your tag value is 11, i believe your database column named tag_id is an integer. And with those 2 single quotes, you are comparing it to a string/varchar '11'.

Pierre
  • 11
  • 3