Re: What is wrong with this code??

Hi list, Guru,
For the first notice error: if you try to get a value from a POST/GET variable
and the value is not sent or not present, you get this kind of notice
error. This is why you have to check for every GET/POST value whether it's set
or it's secure, and you can do it with isset or empty.
Example:

$start  = ( !empty($_GET['start']) )?$_GET['start']:null;
// if $_GET['start'] is empty, store null in $start, else store $_GET['start']

Also, don't forget to filter your fields and investigate more to understand
better how to make a secure PHP program. About the $x: it's not initialised;
you increment it without a beginning value, so PHP asks you: ++ of what?
Hope this email will help you, and good luck in making the PHP world more
secure,

Great Regard

zendyani

2011/6/29 Guru™ <nagendra802000@xxxxxxxxx>

> Hi All,
>
> I have this search code for a library. However, I have the same script in 2
> different files, one with just the search script and another with the
> pagination. But when I combined them it's giving me a few errors. I am getting
> the below errors.
>
>
> *Notice*: Undefined index: start in *C:\wamp\www\search with
> pagenatation\search.php* on line *12*
>
> *Notice*: Undefined variable: x in *C:\wamp\www\search with
> pagenatation\search.php* on line *41*
>
> *Notice*: Undefined variable: construct in *C:\wamp\www\search with
> pagenatation\search.php* on line *43*
>
> *Warning*: mysql_num_rows() expects parameter 1 to be resource, boolean
> given in *C:\wamp\www\search with pagenatation\search.php* on line *56*
>
> No results found.
>
>
> Here is the search.php code:
>
> <?PHP
>
> @mysql_connect("localhost","root","") or die("couldn't connect");
> @mysql_select_db("search") or die("couldn't select database.");
>
> // max displayed per page
> $per_page = 1;
>
> //get data
> $button = $_GET['submit'];
> $search = $_GET['search'];
> $start  = $_GET['start'];
>
> // count records
> $record_count = mysql_num_rows(mysql_query("SELECT * FROM search"));
>
> //count max pages
> $max_pages = ceil($record_count /  $per_page); // may come out as decimal
>
> if (!$start)
>   $start = 0;
>
> if ($button=0)//or try ==0  its bean a long time
>        echo "<code><br> You didn't submit a keyword.</code>";
> else
> {
>   if (strlen($search)<=2)
>      echo "<code style='width: 100%;'><br> Search term too short.</code>";
>   else
>   {
>        echo "<code>You searched for <b>$search</b></code>";
>
>
>               //explode our search term
>               $search_exploded = explode(" ",$search);
>
>               foreach($search_exploded as $search_each)
>               {
>
>                  //construct query
>                  $x++;
>                  if ($x==1)
>                     $construct .= "keywords LIKE '%$search_each%'";
>                  else
>                     $construct .= " OR keywords LIKE '%$search_each%'";
>
>               }
>
>
>
>         //echo out construct
>
>         $construct = "SELECT * FROM search WHERE $construct LIMIT $start, $per_page";
>         $run = mysql_query($construct);
>
>         $foundnum = mysql_num_rows($run);
>
>        echo $foundnum;
>
>         if ($foundnum==0)
>            echo "<code><br> No results found.</code>";
>         else
>         {
>            echo "<code> $foundnum results found!</code>";
>
>            while ($runrows = mysql_fetch_assoc($run))
>            {
>             //get data
>
>             $title = $runrows['title'];
>             $desc = $runrows['desc'];
>             $key = $runrows['keywords'];
>             $url = $runrows['url'];
>
>             echo "
> <table class='search-results'>
>        <tr>
>
>                <td>
>                <p id='headline'>Game: <a href='$url'>$title</a></p>
>                <p id='descript'>$desc</p>
>               <p id='tags'>Tags: $key</p>
>                </td>
>        </tr>
> </table>
>             ";
>
>            }
>                        // set up navigation
> $prev = $start - $per_page;
> $next = $start + $per_page;
>
> // prev button
> if(!($start<=0))
>        echo " <a href='search.php?search=$search&start=$prev'>Prev</a> ";
>
>
>
> // show page numbers
>
> //set variable for first page
> $i=1;
>
> for ($x=0;$x<$max_pages;$x=$x+$per_page)
> {
>        if ($start!=$x)
>                echo " <a href='search.php?search=$search&start=$x'>$i</a> ";
>        else
>                echo " <a href='search.php?search=$search&start=$x'><b>$i</b></a> ";
>        $i++;
> }
>
>
>
> /*for ($x=0;$x<$record_count;$x=$x+$per_page)
> {
>        if ($start!=$x)
>                echo " <a href='search.php?search=$search&start=$x'>$i</a> ";
>        else
>                echo " <a href='search.php?search=$search&start=$x'><b>$i</b></a> ";
>        $i++;
> }
> */
>
> // next button
> if(!($start>=$record_count-$per_page))
> echo " <a href='search.php?search=$search&start=$next'>Next</a> ";
>
>         }
>
>
>
>   }
> }
>
>
> ?>
>
>
>
>
> --
> *Best,
> *
> *Guru™*
>
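
An added example, not part of the original e-mail or of the quoted search.php, applying the advice in the reply above: validate `start` before use, initialise the query parts before the loop, and bind the search words as parameters instead of interpolating them. It assumes PHP 7.1+ with PDO and the pdo_sqlite driver (an in-memory SQLite table stands in for the MySQL one); the function names and sample rows are made up for illustration.

```php
<?php
// Added example; function names are hypothetical, not from the thread.

// Optional non-negative integer offset: a missing or malformed value becomes 0,
// so no "Undefined index" notice and nothing but an int reaches the SQL.
function read_start(array $get): int
{
    $v = filter_var($get['start'] ?? null, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 0]]);
    return $v === false ? 0 : $v;
}

// Build the OR-of-LIKE query with placeholders instead of string interpolation.
// Returns [sql, params], or null when the search holds no words.
function build_search(string $search, int $start, int $perPage): ?array
{
    $clauses = [];   // initialised before the loop, unlike $x and $construct
    $params  = [];
    $words = preg_split('/\s+/', $search, -1, PREG_SPLIT_NO_EMPTY);
    foreach ($words as $i => $word) {
        // Escape LIKE wildcards so user text matches literally ('!' first).
        $word = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $word);
        $clauses[] = "keywords LIKE :w$i ESCAPE '!'";
        $params[":w$i"] = "%$word%";
    }
    if (!$clauses) {
        return null;
    }
    $sql = sprintf('SELECT title FROM search WHERE %s LIMIT %d, %d',
                   implode(' OR ', $clauses), $start, $perPage);
    return [$sql, $params];
}

// Constructed data and request: in-memory SQLite stands in for the MySQL table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE search (title TEXT, keywords TEXT)");
$pdo->exec("INSERT INTO search VALUES ('Chess', 'board strategy'), ('Pong', 'arcade retro')");

$get = ['search' => "retro don't"];          // note: no 'start' key sent
$query = build_search($get['search'] ?? '', read_start($get), 10);
if ($query !== null) {
    [$sql, $params] = $query;
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    foreach ($stmt as $row) {
        // Encode on output so stored text cannot inject markup into the page.
        echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```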
