To always have access to the latest CVS version
(which would have updates and fixes if needed)
you can always point your browser to my CVS at:
http://dev.bmescripts.com/index.cgi/opensource/dirview?d=opensource
(I only allow browser-based access at this time, so you can't use a client to get/maintain versions)
In case the forums mess up original code lines/etc... go to above url for file access.
When I first started to teach myself PHP coding, the most
frustrating thing for me was how to paginate properly.
After I wrote this pagination class, I realized how powerful and easy to use it was and felt the urge to share it with other people so that hopefully it can ease their pains... the same pains I once felt!
With the pagination below, used as a PHP class (PHP 4.x compatible),
you can quickly and easily customize any part of how the links are displayed, use up to 6 URL params, and even declare them all at once and let them hang out until they are needed.
The pagination code below will spit out the Prev/Current/Next links
as well as whatever article/item you are paginating,
so it's an all-in-one solution.
Since I believe in security, this class uses my secure_url_param function,
which is listed first in this post.
The secure_url_param() basically allows for two types of checks
based on the $_GET (or even $_POST if you want) request.
You can have it check for numbers only, or for Alpha/Num/and other characters you wish to allow.
To illustrate this, if I had the URL of:
me.com?you=1
and I wanted to deny ANYTHING in the 'you' $_GET param that was not a number then I would simply declare the function like:
$check = secure_url_param($num=$_GET['you'], $nonum);
With that said, here is the function with comments on use:
PHP:
/*
    Secure Url Param VERSION 1.1
    BASHMYEX.COM Secure Url Param TO
    protect url $_GET (and maybe $_POST) values

    WRITTEN BY:
    JOE F. (OWNER/DEVELOPER OF BASHMYEX.COM)

    Free to use for any purpose as long as the
    proper credits are given to the original author.

    secure_url_param - determine if url param is valid
    if not valid - deny it. if valid - accept it.

    EXAMPLE USAGE: $bash = secure_url_param($num=$_GET['bash'], $nonum);
    is valid     - http://bashmyex.com/index.php?action=bash&bash=1
    is not valid - http://bashmyex.com/index.php?action=bash&bash=F1

    @param string $num   check get value for number. if no number - deny it
    @param string $nonum check get value for num/alpha. if not - deny it
                         can also add other characters you wish to allow for $nonum
                         I added an allowed _ for example purposes
*/
function secure_url_param($num=FALSE, $nonum=FALSE)
{
    if ($num)
    {
        if ( is_numeric($num) ) { return $num; }
        else { exit("deny message"); }
    }
    if ($nonum)
    {
        if ( preg_match('/^[a-z0-9_]*$/i', $nonum) ) { return $nonum; }
        else { exit("deny message"); }
    }
}
So now that we can make sure our pagination URL params will
only accept what we want, let's go ahead and show the pagination code.
The code below is fully documented on how to use.
Below the code I will talk about some things that have confused people
in other places I have posted this.
PHP:
/*
    PAGEME VERSION 1.3
    BASHMYEX.COM PAGINATION CLASS TO
    DISPLAY PREV-NEXT LINKS ACROSS ALL OF BASHMYEX.COM

    WRITTEN BY:
    JOE F. (OWNER/DEVELOPER OF BASHMYEX.COM)

    Free to use for any purpose as long as the
    proper credits are given to the original author.

    IMPORTANT!!!
    The proper way to use this is to remember one
    VERY IMPORTANT THING:
    $pageme->bme_page_param_two();
    WILL ALWAYS BE USED AS THE MAIN PAGER SELECTION/COUNTER VALUE
    NO MATTER HOW MANY OTHER URL PARAMS YOU HAVE SET!!
    So if you only use ONE url Param... then you must use
    $pageme->bme_page_param_two(); to declare it!

    USAGE EXAMPLE:
    INITIATE CLASS AND DECLARE HOW LINKS ARE TO BE DISPLAYED:
        $pageme =& new bme_pagination("<-- View Previous |", "Article Page", "of", "| View Next -->");
        $pageme->bme_page_param_one('member');
        $pageme->bme_page_param_two('post');
        $query = "SELECT * FROM table WHERE foo='$boo' ";
        $result = $pageme->bme_paginate($query, $rows_per_page='10');
        /// Don't forget your sql while or other output statements here! ///

    Then display links by echoing them out:
        echo "
        $pageme->previous()
        $pageme->current()
        $pageme->next()
        ";
*/
class bme_pagination {
    /**
     * Constructor of the bme_pagination
     * If user defines what Links should read as, we define it here
     * Otherwise we make the defaults
     *
     * @param PHP_SELF: Should be enough said
     * @param prev: What Previous link text should read as
     * @param current: What Current Page link text should read as
     * @param of: What Of(current page 1 OF 2) link text should read as
     * @param next: What Next link text should read as
     */
    function bme_pagination($prev, $current, $of, $next)
    {
        $this->PHP_SELF = $_SERVER['PHP_SELF'];
        //set default links display or use user defined
        if(!$prev)
        {
            $this->prev = "<- Previous Page |";
        }else{
            $this->prev = $prev;
        }
        if(!$current)
        {
            $this->current = "Current Page:";
        }else{
            $this->current = $current;
        }
        if(!$of)
        {
            $this->of = "of";
        }else{
            $this->of = $of;
        }
        if(!$next)
        {
            $this->next = "| Next Page ->";
        }else{
            $this->next = $next;
        }
    }
    /**
     * $_GETs the first url param value
     * Then sets the first param
     *
     * @param param: The url param
     * example: $param = bme_page_param_one('first')
     * would make: first=value
     *
     * full url example: http://bashmyex.com/index.php?first=1
     */
    function bme_page_param_one($param)
    {
        $this->get_param_one = secure_url_param($num, $nonum=$_GET[$param]);
        $this->param_one = "{$param}={$this->get_param_one}&";
    }
    /**
     * $_GETs the second url param value
     * Then sets the second param
     *
     * @param param: The url param
     * example: $param = bme_page_param_two('second')
     * would make: second=value
     *
     * full url example based on combining first and second:
     * http://bashmyex.com/index.php?first=1&second=2
     */
    function bme_page_param_two($param)
    {
        $this->param_two = $param;
        $this->get_param_two = secure_url_param($num, $nonum=$_GET[$this->param_two]);
    }
    /**
     * Sets optional 3rd, 4th, 5th, 6th url params
     * While the above two bme_page_params allow for custom URL params,
     * they are limited and only allow you to declare ONE PARAM each.
     *
     * This baby here allows you to create up to 4 separate url Params
     * Giving a total of 6 possible URL Params from one Pagination Class!
     * USAGE WOULD BE LIKE: (will use above two to illustrate the purpose)
     *
     * $pageme->bme_page_param_one('member');
     * $pageme->bme_page_param_two('post');
     * Would create and control a URL string LIKE:
     * member=Blacksnday&post=0
     *
     * Now what if you need more than just two URL Params?
     * WATCH THIS..............
     *
     * Create the first two just like above:
     * $pageme->bme_page_param_one('member');
     * $pageme->bme_page_param_two('post');
     * Now create this baby!
     * $pageme->bme_page_param_three('cat', $param2, $param3, $param4);
     * And with all there, your url could look something like:
     * member=Blacksnday&cat=Media_Rants&post=0
     */
    function bme_page_param_three($param, $param2, $param3, $param4)
    {
        if($_GET[$param])
        {
            $this->get_param_three_one = secure_url_param($num, $nonum=$_GET[$param]);
            $this->param_three_one = "{$param}={$this->get_param_three_one}&";
        }
        if($_GET[$param2])
        {
            $this->get_param_three_two = secure_url_param($num, $nonum=$_GET[$param2]);
            $this->param_three_two = "{$param2}={$this->get_param_three_two}&";
        }
        if($_GET[$param3])
        {
            $this->get_param_three_three = secure_url_param($num, $nonum=$_GET[$param3]);
            $this->param_three_three = "{$param3}={$this->get_param_three_three}&";
        }
        if($_GET[$param4])
        {
            $this->get_param_three_four = secure_url_param($num, $nonum=$_GET[$param4]);
            $this->param_three_four = "{$param4}={$this->get_param_three_four}&";
        }
    }
    function bme_paginate($query, $rows_per_page)
    {
        // First run: unlimited query, only used to count the total rows
        $result = mysql_query($query);
        $this->screen = $this->get_param_two;
        $total_records = mysql_num_rows($result);
        if (!$rows_per_page) { $rows_per_page = 10; }
        if (!isset($this->screen)) { $this->screen = 0; }
        $this->pages = ceil($total_records / $rows_per_page);
        $start = $this->screen * $rows_per_page;
        // Leading space so the clause is not glued to the end of $query
        $query .= " LIMIT $start, $rows_per_page";
        $result = mysql_query($query);
        return $result;
    }
    function previous()
    {
        if ($this->get_param_two > 0)
        {
            $j = $this->get_param_two - 1;
            // Concatenate the parts so no line breaks end up inside the href
            $url = "{$siteurl}{$this->PHP_SELF}?"
                 . "{$this->param_one}"
                 . "{$this->param_three_one}"
                 . "{$this->param_three_two}"
                 . "{$this->param_three_three}"
                 . "{$this->param_three_four}"
                 . "{$this->param_two}={$j}#focus";
            $nav = "<a href='$url'>{$this->prev}</a> ";
            return $nav;
        }
    }
    function current()
    {
        $p = 1;
        $lower = $p;
        $upper = $this->get_param_two+$p;
        while($upper>$this->pages)
        {
            $p = $p-1;
            $upper = $this->get_param_two+$p;
        }
        if($p<$lower)
        {
            $y = $lower-$p;
            $to = $this->get_param_two-$y;
            while($to<0)
            {
                $to++;
            }
        }
        for ($i=$this->get_param_two;$i<$upper;$i++)
        {
            // Concatenate the parts so no line breaks end up inside the href
            $url = "{$siteurl}{$this->PHP_SELF}?"
                 . "{$this->param_one}"
                 . "{$this->param_three_one}"
                 . "{$this->param_three_two}"
                 . "{$this->param_three_three}"
                 . "{$this->param_three_four}";
            $j = $i + 1;
            $n = $j - 1;
            $nav = "<a href='{$url}{$this->param_two}={$n}'>{$this->current} {$j} {$this->of} {$this->pages}</a>";
            return $nav;
        }
    }
    function next()
    {
        if ($this->screen < $this->pages-1)
        {
            $j = $this->get_param_two + 1;
            // Concatenate the parts so no line breaks end up inside the href
            $url = "{$siteurl}{$this->PHP_SELF}?"
                 . "{$this->param_one}"
                 . "{$this->param_three_one}"
                 . "{$this->param_three_two}"
                 . "{$this->param_three_three}"
                 . "{$this->param_three_four}"
                 . "{$this->param_two}={$j}#focus";
            $nav = "<a href='$url'>{$this->next}</a>";
            return $nav;
        }
    }
}
First thing someone pointed out to me, which just proves they didn't read
the code comments, but alas I will mention it here:
1. If you declare links using:
PHP:
bme_page_param_one();
bme_page_param_two();
then if you only use one URL param and use:
bme_page_param_one();
to declare it, then the whole code will throw errors since it needs
bme_page_param_two();
VERY TRUE!!!
Any pagination needs a constant way to know what and how to select.
bme_page_param_two(); is that way for me.
So if you only need one URL param, then you must use
bme_page_param_two(); to declare it :P
2. The $rows_per_page is not protected or filtered and therefore
is ripe for SQL injection as it is used right within the query.
VERY TRUE!!
However as this is coded, it is not intended to be a user defined value.
It is coded to be an owner defined value and I highly doubt you would want to
attack your own website.
Either way, you can easily secure the value by throwing in the already used
secure_url_param function
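
Added example, not part of the original post or the author's code: stricter checks for the page number and $rows_per_page, so that only plain decimal integers reach the LIMIT clause. is_numeric() also accepts strings such as 1e3 and 1.5, and a pattern ending in $ still matches a value with a trailing newline. The names pager_int, pager_token and pager_limit are hypothetical.

```php
<?php
// Added example: strict validators for the pager values (all names hypothetical).

/** Return $raw as a non-negative int, or null if it is not plain decimal digits. */
function pager_int($raw, $max = 1000000)
{
    // \A and \z anchor the whole string; '$' alone would also accept "5\n".
    // The is_string() check rejects array input such as ?post[]=1.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    $n = (int) $raw;
    return $n <= $max ? $n : null;
}

/** Return $raw if it is a non-empty [A-Za-z0-9_] token, else null. */
function pager_token($raw, $maxlen = 64)
{
    if (!is_string($raw) || strlen($raw) > $maxlen) {
        return null;
    }
    return preg_match('/\A[A-Za-z0-9_]+\z/', $raw) ? $raw : null;
}

/** Build the LIMIT clause from values that are integers by construction. */
function pager_limit($page, $rows_per_page)
{
    // Clamp the page size even though it is meant to be owner-defined.
    $rows = max(1, min(100, (int) $rows_per_page));
    return sprintf(' LIMIT %d, %d', $page * $rows, $rows);
}

// Constructed sample inputs, compared against is_numeric().
$samples = array('0', '7', '1e3', '1.5', ' 4', "5\n", '10abc', array('x'));
foreach ($samples as $raw) {
    $page = pager_int($raw);
    printf("%-10s is_numeric=%-5s strict=%s\n",
        json_encode($raw),
        var_export(is_numeric($raw), true),
        $page === null ? 'rejected' : pager_limit($page, 10));
}
```

Returning null instead of calling exit() lets the caller decide how to respond, for example by falling back to page 0.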






