Search.php doesn’t show next 10 results

[freeflow]

The search.php works fine until I have more than 10 results. When I click on the url for the “next 10”, the “next 10” search url appears in the browser but the “next 10” results are not shown, the page stays the same. http://..../_test/search.php?s=10&q=music

The website structure:

In the index.php there is an include for the content.php which has following link in it:
<a href="search.php?q=music&Submit=Search" accesskey="0"> Music</a><br />

This part works fine, but not the „next 10“ results. What could be the reason for this?

Thanks for your help.

 

[Barrucadu]

We can't help unless you post the code.

 

[freeflow]

contentsearch.php

<div class="content">

      <hr class="separator" />

<?php

  // Get the search variable from URL

  $var = @$_GET['q'] ;
  $trimmed = trim($var); //trim whitespace from the stored variable

// rows to return
$limit=10; 

// check for an empty string and display a message.
if ($trimmed == "")
  {
  echo "<p>Please enter a search...</p>";
  exit;
  }

// check for a search parameter
if (!isset($var))
  {
  echo "<p>We dont seem to have a search parameter!</p>";
  exit;
  }

//connect to your database ** EDIT REQUIRED HERE **
mysql_connect("localhost","xxxxxx","xxxxxxx"); //(host, username, password)

//specify database ** EDIT REQUIRED HERE **
mysql_select_db("xxxxxxx") or die("Unable to select database"); //select which database we're using



// Build SQL Query  
$query = "select Link from Web  where Category like \"%$trimmed%\""; // EDIT HERE and specify your table and field names for the SQL query

 $numresults=mysql_query($query);
 $numrows=mysql_num_rows($numresults);


// Build SQL Query  2
$query2 = "select LinkName from Web  where Category like \"%$trimmed%\""; // EDIT HERE and specify your table and field names for the SQL query

 $numresults2=mysql_query($query2);
 $numrows2=mysql_num_rows($numresults2);


// Build SQL Query  3
$query3 = "select Icon from Web  where Category like \"%$trimmed%\""; // EDIT HERE and specify your table and field names for the SQL query

 $numresults3=mysql_query($query3);
 $numrows3=mysql_num_rows($numresults3);




// If we have no results, offer a google search as an alternative

if ($numrows == 0)
  {
  echo "<h4>Results</h4>";
  echo "<p>Sorry, your search: "" . $trimmed . "" returned zero results</p>";

// google
 echo "<p><a href=\"http://www.google.com/search?q=" 
  . $trimmed . "\" target=\"_blank\" title=\"Look up 
  " . $trimmed . " on Google\">Click here</a> to try the 
  search on google</p>";
  }

// next determine if s has been passed to script, if not use 0
  if (empty($s)) {
  $s=0;
  }

// get results
  $query .= " limit $s,$limit";
  $result = mysql_query($query) or die("Couldn't execute query");

// get results 2
  $query2 .= " limit $s,$limit";
  $result2 = mysql_query($query2) or die("Couldn't execute query");

// get results 3
  $query3 .= " limit $s,$limit";
  $result3 = mysql_query($query3) or die("Couldn't execute query");


// display what the person searched for
//echo "<p>You searched for: "" . $var . ""</p>";

// begin to  results set
//echo "Results";
$count = 1 + $s ;

// now you can display the results returned
  while ($row= mysql_fetch_array($result) and $row2= mysql_fetch_array($result2) and $row3= mysql_fetch_array($result3)) {
  $link = $row["Link"];
  $title = $row2["LinkName"];
  $icon = $row3["Icon"];

echo "<img class='himgicon' alt='0' src='graphic/{$icon}.png' width='10' height='12' /><a href='http://{$link}' accesskey='0'>{$title}</a><br />";

$count++ ;
  }

$currPage = (($s/$limit) + 1);

//break before paging
  echo "<br />";

  // next we need to do the links to other results
  if ($s>=1) { // bypass PREV link if s is 0
  $prevs=($s-$limit);
  print " <a href=\"$PHP_SELF?s=$prevs&q=$var\"><< 
  Prev 10</a>&nbsp ";
  }

// calculate number of pages needing links
  $pages=intval($numrows/$limit);

// $pages now contains int of pages needed unless there is a remainder from division

  if ($numrows%$limit) {
  // has remainder so add one page
  $pages++;
  }

// check to see if last page
  if (!((($s+$limit)/$limit)==$pages) && $pages!=1) {

  // not last page so give NEXT link
  $news=$s+$limit;

  echo " <a href=\"$PHP_SELF?s=$news&q=$var\">Next 10 >></a>";
  }

$a = $s + ($limit) ;
  if ($a > $numrows) { $a = $numrows ; }
  $b = $s + 1 ;
 // echo "<p>Showing results $b to $a of $numrows</p>";
  
?>

       <hr class="separator" />

     </div>

 

[Eric]

Forgetting the "Next 10" at the moment, you have many SQL Injection vulnerabilities in that code. You're using $trimmed in the SQL query without any validation whatsoever.

I suggest taking a look at mysql_real_escape_string

 

[iNod]

I'll just tell you what you are doing wrong rather than fixing it as you get more experience.

$s is the page number, so you should make it a page number. Currently it is the beginning of the first row. Instead of $s being the first limit (in your sql query) take that variable and times it by your limit so it is kept as the page number.

$s = page number (1,2,3,4,5,6)
$limit = 10 (number of items on one page)

So the next button should add 1 to $s and take $limit and times it by 2.

So the sql query should read

limit $s,$limit

when processed.

limit 10,20 (second page)

It currently is going to read

limit 10,10.

So take the $limit variable and times it by two before you do the sql query.

limit

Than change $news to $s++

That should do it, if you run into this problem again, take the sql query out of the php script and print it and run it by itself so you see what is being called, it will give you a very good idea what is needing to be fixed.

ALSO: Make sure you protect against SQL interjections as stated by SecondVersion.

- Steve

 

[aras]

Instead of
Select A from C
Select B from C
Select Z from C

You can just do a
Select A,B,Z from C

 

[freeflow]

Thanks everyone for your replies. @iNod: I understand the problem, but I‘m not sure how to implement your suggestions. Could you help me with the syntax?

So take the $limit variable and times it by two before you do the sql query.
limit

//Is this what you meant? 
$limit = $limit * 2;    
// get results    
$query .= "limit $s,$limit";
$result = mysql_query($query) or die("Couldn't execute query");

Than change $news to $s++

// not last page so give NEXT link   
$news=$s+$limit;    
//Is this what you meant?  
$news=$s++;

Instead of
Select A from C
Select B from C
Select Z from C

You can just do a
Select A,B,Z from C

Is this be correct?

$query = "select Link, LinkName, Icon from Web2 where Category like \"%$trimmed%\"";

or

$query = "select Link LinkName Icon from Web2 where Category like \"%$trimmed%\"";