Problem linking with paginator - in AdminCP

[Vaupell]

Hi was following the article paginator in admin cp,
and with only -2 views since yester kinda doubt a response is appearing there.
Paginate Admin CP Results

so if you think its the wrong place to start a topic, well in a perfect world articles responses was
feedback only not support, and support with scripts goes in support forum

anyway

the problem is this

the link from the pages appear to be fine when running but when you click
if loads nothing/blank screen which ofcourse is becourse it cannot find the
goto location.

my initial goto location is

PHP Code:

 if($_POST['do']=="Find"){ 


and the link is looking like this

PHP Code:

                    $pagenav .= " <a href=\"sh2.php?$session[sessionurl]do=Find&amp;page=$thispage\" class=\"normal\">$thispage</a> ";

//  ---  and futher down the actual print
  print_description_row($pagenav, false, 8, '', 'center'); 


in run mode it looks like this

http://localhost/forums/admincp/sh2.php?do=Find&page=2

and ofcourse it can easy find ?do=Find but the &page2
is the problem, im sure i need to add this somewhere, but not how
and neither articles on this clearify this..

suggestions ?


EDIT 2 :

modified the link a little, but still not allowed to use &page#

Code:

$pagenav .= "<a href='sh2.php?$session[sessionurl]do=Find&amp;page=$thispage'>".$thispage."</a>,";

[Dismounted]

The name of the variable that is used in the article is "pagenumber", not "page".

[Vaupell]

hmm okay,, time for a little code i gues

1) it didnt pay attention on the varible changed that in the link..

PHP Code:

 if($_POST['do']=="Find"){
$vbulletin->input->clean_gpc('r', 'searchstring', TYPE_NOHTML);
$vbulletin->input->clean_array_gpc('r', array('pagenumber'=> TYPE_UINT,));

  

    $perpage = 10; 
    if(!$vbulletin->GPC['pagenumber']){ 
        $vbulletin->GPC['pagenumber'] = 1; 
    } 
    $start = ($vbulletin->GPC['pagenumber'] - 1) * $perpage; 

    $ipscount = $db->query_first(" 
        SELECT COUNT(ipaddress) AS count 
        FROM " . TABLE_PREFIX . "post
        WHERE ipaddress='".$vbulletin->GPC['searchstring']."' 
    ");     
         
    $pagecount = ceil($ipscount['count'] / $perpage); 
   print_cp_header("$vbphrase[EviFindipCPHeader]");
   print_table_start();
   print_table_header("$vbphrase[EviFindipTBFHeader]", 8);
 
         if($pagecount > 1){ 
            $pagenav = "<strong>$vbphrase[go_to_page]</strong>"; 
            for ($thispage = 1; $thispage <= $pagecount; $thispage++){ 
                if($thispage == $vbulletin->GPC['pagenumber']){ 
                    $pagenav .= " <strong>[$thispage]</strong> "; 
                } else { 
//  $pagenav .= " <a href=\"sh2.php?$session[sessionurl]do=Find&amp;pagenumber=$thispage\" class=\"normal\">$thispage</a> "; 
     $pagenav .= "<a href='sh2.php?do=Find&amp;pagenumber=$thispage'>".$thispage."</a> ,";
                } 
            } 

          print_description_row($pagenav, false, 8, '', 'center'); 
        } 


and yes i see that the pagenumber is the correct var, didnt work for the link
Notice ONLY reason i got dublicated link it besource im trying different things out

im also suspecting that input->clean array to have a wrong syntax
but dont know the correct syntax for it, can only compared to others
that work.

[Dismounted]

Okay, let's start at that insecure query there. It is vulnerable to SQL injection. You should read SirAdrian's article called "Create Secure Mods". It's all good and well that you escape HTML (it's not needed, by the way, it is only needed after fetching from the database/displaying it).

[Vaupell]

Quote:

Originally Posted by Dismounted

Okay, let's start at that insecure query there. It is vulnerable to SQL injection. You should read SirAdrian's article called "Create Secure Mods". It's all good and well that you escape HTML (it's not needed, by the way, it is only needed after fetching from the database/displaying it).

Dont get it, well i understand what it does, great.

But i have no clue of placement of $db->escape_string()

cant i just go with $db->query_read_slave() ? or is it a misleading name!


Edit 2 :
okay $db->query_read_slave() dosent work, it removes all links. = dosent count
and the same with $db->escape_string() = dosent count either

PHP Code:

    $ipscount = $db->query_read_slave("
        SELECT COUNT(ipaddress) AS count 
        FROM " . TABLE_PREFIX . "post
        WHERE ipaddress='".$db->escape_string('searchstring')."' 


i mean the count is correct and all, but the page numbers that was printet with old code is gone.

giving up on this.

[Dismounted]

PHP Code:

$vbulletin->db->escape_string($variable) 


[Vaupell]

Quote:

Originally Posted by Dismounted

PHP Code:

$vbulletin->db->escape_string($variable) 


okay this works thank you..

PHP Code:

WHERE ipaddress='".$db->escape_string($vbulletin->GPC['searchstring'])."'"); 


But still dosent help me on the linking of pages

Link generated is

PHP Code:

$pagenav .= "<a href='sh2.php?do=Find&amp;pagenumber=$thispage'>".$thispage."</a> ,"; 


and function (i think its a function, remember ur dealing with a non programmer here)

PHP Code:

 if($_POST['do']=="Find"){
$vbulletin->input->clean_gpc('r', 'searchstring', TYPE_NOHTML);
$vbulletin->input->clean_array_gpc('r', array('pagenumber'=> TYPE_UINT,));
} 


but it wont allow me to "reuse" that link,
should i remove all the " &pagenumber=$thispage" alltogether and attempt
getting the page number with _get or _request perhaps instaed. ?