Log in

View Full Version : Problem linking with paginator - in AdminCP

Vaupell
02-08-2009, 07:10 PM
Hi was following the article paginator in admin cp,
and with only -2 views since yester kinda doubt a response is appearing there.
Paginate Admin CP Results (https://vborg.vbsupport.ru/showthread.php?t=200413)

so if you think its the wrong place to start a topic, well in a perfect world articles responses was
feedback only not support, and support with scripts goes in support forum :p

anyway

the problem is this

the link from the pages appear to be fine when running but when you click
if loads nothing/blank screen which ofcourse is becourse it cannot find the
goto location.

my initial goto location is if($_POST['do']=="Find"){

and the link is looking like this
$pagenav .= " <a href=\"sh2.php?$session[sessionurl]do=Find&amp;page=$thispage\" class=\"normal\">$thispage</a> ";

// --- and futher down the actual print
print_description_row($pagenav, false, 8, '', 'center');


in run mode it looks like this

http://localhost/forums/admincp/sh2.php?do=Find&page=2

and ofcourse it can easy find ?do=Find but the &page2
is the problem, im sure i need to add this somewhere, but not how
and neither articles on this clearify this..

suggestions ? :confused:


EDIT 2 :

modified the link a little, but still not allowed to use &page#

$pagenav .= "<a href='sh2.php?$session[sessionurl]do=Find&amp;page=$thispage'>".$thispage."</a>,";
Dismounted
02-09-2009, 05:03 AM
The name of the variable that is used in the article is "pagenumber", not "page".
Vaupell
02-09-2009, 05:56 AM
hmm okay,, time for a little code i gues

1) it didnt pay attention on the varible changed that in the link..


if($_POST['do']=="Find"){
$vbulletin->input->clean_gpc('r', 'searchstring', TYPE_NOHTML);
$vbulletin->input->clean_array_gpc('r', array('pagenumber'=> TYPE_UINT,));



$perpage = 10;
if(!$vbulletin->GPC['pagenumber']){
$vbulletin->GPC['pagenumber'] = 1;
}
$start = ($vbulletin->GPC['pagenumber'] - 1) * $perpage;

$ipscount = $db->query_first("
SELECT COUNT(ipaddress) AS count
FROM " . TABLE_PREFIX . "post
WHERE ipaddress='".$vbulletin->GPC['searchstring']."'
");

$pagecount = ceil($ipscount['count'] / $perpage);
print_cp_header("$vbphrase[EviFindipCPHeader]");
print_table_start();
print_table_header("$vbphrase[EviFindipTBFHeader]", 8);

if($pagecount > 1){
$pagenav = "<strong>$vbphrase[go_to_page]</strong>";
for ($thispage = 1; $thispage <= $pagecount; $thispage++){
if($thispage == $vbulletin->GPC['pagenumber']){
$pagenav .= " <strong>[$thispage]</strong> ";
} else {
// $pagenav .= " <a href=\"sh2.php?$session[sessionurl]do=Find&amp;pagenumber=$thispage\" class=\"normal\">$thispage</a> ";
$pagenav .= "<a href='sh2.php?do=Find&amp;pagenumber=$thispage'>".$thispage."</a> ,";
}
}

print_description_row($pagenav, false, 8, '', 'center');
}


and yes i see that the pagenumber is the correct var, didnt work for the link
Notice ONLY reason i got dublicated link it besource im trying different things out

im also suspecting that input->clean array to have a wrong syntax
but dont know the correct syntax for it, can only compared to others
that work.
Dismounted
02-09-2009, 10:05 AM
Okay, let's start at that insecure query there. It is vulnerable to SQL injection. You should read SirAdrian's article called "Create Secure Mods". It's all good and well that you escape HTML (it's not needed, by the way, it is only needed after fetching from the database/displaying it).
Vaupell
02-09-2009, 10:53 AM
Okay, let's start at that insecure query there. It is vulnerable to SQL injection. You should read SirAdrian's article called "Create Secure Mods". It's all good and well that you escape HTML (it's not needed, by the way, it is only needed after fetching from the database/displaying it).



Dont get it, well i understand what it does, great.

But i have no clue of placement of $db->escape_string()

cant i just go with $db->query_read_slave() ? or is it a misleading name!


Edit 2 :
okay $db->query_read_slave() dosent work, it removes all links. = dosent count
and the same with $db->escape_string() = dosent count either


$ipscount = $db->query_read_slave("
SELECT COUNT(ipaddress) AS count
FROM " . TABLE_PREFIX . "post
WHERE ipaddress='".$db->escape_string('searchstring')."'

i mean the count is correct and all, but the page numbers that was printet with old code is gone.

giving up on this.
Dismounted
02-10-2009, 05:02 AM
$vbulletin->db->escape_string($variable)
Vaupell
02-10-2009, 09:19 AM
$vbulletin->db->escape_string($variable)

okay this works thank you..


WHERE ipaddress='".$db->escape_string($vbulletin->GPC['searchstring'])."'");

But still dosent help me on the linking of pages :confused:

Link generated is

$pagenav .= "<a href='sh2.php?do=Find&amp;pagenumber=$thispage'>".$thispage."</a> ,";

and function (i think its a function, remember ur dealing with a non programmer here)
if($_POST['do']=="Find"){
$vbulletin->input->clean_gpc('r', 'searchstring', TYPE_NOHTML);
$vbulletin->input->clean_array_gpc('r', array('pagenumber'=> TYPE_UINT,));
}


but it wont allow me to "reuse" that link,
should i remove all the " &amp;pagenumber=$thispage" alltogether and attempt
getting the page number with _get or _request perhaps instaed. ?