Re: [PHP] Alphabetical pagination (RESOLVED)

2009-07-16 Thread Miller, Terion

Here is what finally worked:

<?php
$letter = isset($_GET['letter']) ? $_GET['letter'] : "A";

//alphabetical pagination links
echo '<div align="center"><b>';
foreach (range('A','Z') as $c) {
    ($letter == $c)
        ? printf('%s&nbsp;', $c)
        : printf('<a href="?letter=%s">%s</a>&nbsp;', $c, $c);
}
echo "</b></div><p>";

//Show all restaurants that start with $letter
$sql = "SELECT * FROM restaurants WHERE name LIKE '{$letter}%'";
$result = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
    // read cviolations from the fetched row, not from the result resource
    printf('<div align="left" width="100"><b>%s</b><br>%s</br>%s</br></div><hr color="#000" width="200"></hr>', $row['name'], $row['address'], $row['cviolations']);
}
?>

Thanks again everyone!!


On 7/15/09 10:48 AM, tedd <tedd.sperl...@gmail.com> wrote:

At 8:29 AM -0700 7/15/09, Miller, Terion wrote:

Hi all thanks for all the suggestions, I really had no idea this was
going to be so difficult..

I think you are making it more difficult than it has to be.

Please review what I said and try it out.

Cheers,

tedd



--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php







Re: [PHP] Alphabetical pagination (RESOLVED)

2009-07-16 Thread Andrew Ballard
On Thu, Jul 16, 2009 at 9:33 AM, Miller, Terion <tmil...@springfi.gannett.com> wrote:

 Here is what finally worked:

 <?php
 $letter = isset($_GET['letter']) ? $_GET['letter'] : "A";

 //alphabetical pagination links
 echo '<div align="center"><b>';
 foreach (range('A','Z') as $c) {
     ($letter == $c)
         ? printf('%s&nbsp;', $c)
         : printf('<a href="?letter=%s">%s</a>&nbsp;', $c, $c);
 }
 echo "</b></div><p>";

 //Show all restaurants that start with $letter
 $sql = "SELECT * FROM restaurants WHERE name LIKE '{$letter}%'";
 $result = mysql_query($sql) or die(mysql_error());
 while ($row = mysql_fetch_assoc($result)) {
     // read cviolations from the fetched row, not from the result resource
     printf('<div align="left" width="100"><b>%s</b><br>%s</br>%s</br></div><hr color="#000" width="200"></hr>', $row['name'], $row['address'], $row['cviolations']);
 }
 ?>

 Thanks again everyone!!

Terion,

I hope that isn't your final answer. This has SQL injection written
all over it since you are neither validating that $letter is actually
a letter, nor are you escaping it before passing it off to MySQL.

<?php
$letter = isset($_GET['letter']) ? $_GET['letter'] : 'A';

if (!preg_match('/^[A-Z]$/i', $letter)) {
    $letter = 'A';
    /*
       Rather than setting $letter to 'A' and continuing,
       you could generate an error if you end up in here
       so you can let the user know that what they passed
       was invalid.
    */
}

//
?>

In this case, it should be safe to use $letter directly in the query
without passing it through mysql_real_escape_string() since it should
only contain a single harmless alphanumeric letter, but it wouldn't
hurt (and may still be a good idea) to go ahead and escape the value
in the query anyway just in case something in your code changes later
that might cause some cruft to slip in.

Andrew
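
Both measures from the reply above (validate that the value is one letter, and keep it out of the SQL text), as an added example that is not code from the thread. It assumes PDO with an in-memory SQLite table standing in for the MySQL one and uses a bound parameter in place of mysql_real_escape_string(); the function names, sample rows and sample query strings are constructed.

```php
<?php
/** Return one upper-case letter A-Z, or the default for anything else. */
function letter_from_request(array $query, string $default = 'A'): string
{
    $raw = $query['letter'] ?? $default;
    // Arrays (?letter[]=x) and multi-character strings both fail here.
    if (!is_string($raw) || !preg_match('/^[A-Z]$/i', $raw)) {
        return $default;
    }
    return strtoupper($raw);
}

/** Prefix lookup with a bound parameter: the prefix never becomes SQL text. */
function restaurants_starting_with(PDO $db, string $prefix): array
{
    // Escape LIKE wildcards so the prefix is matched literally.
    $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $prefix);
    $stmt = $db->prepare(
        "SELECT name, address FROM restaurants WHERE name LIKE ? ESCAPE '!' ORDER BY name"
    );
    $stmt->execute([$literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed table and rows, held in memory so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE restaurants (name TEXT, address TEXT)");
$db->exec("INSERT INTO restaurants VALUES
    ('Alpha Diner', '1 Main St'), ('Bistro 9', '2 Oak Ave'), ('Cafe Uno', '3 Elm Rd')");

// Constructed query strings: a normal click, lower case, malformed values, missing key.
$samples = [
    ['letter' => 'B'],
    ['letter' => 'c'],
    ['letter' => "B' OR '1'='1"],
    ['letter' => ['x']],
    [],
];
foreach ($samples as $query) {
    $letter = letter_from_request($query);
    $names  = array_column(restaurants_starting_with($db, $letter), 'name');
    printf("%-28s -> %s: %s\n", json_encode($query), $letter, implode(', ', $names));
}

// Validation skipped on purpose: the quote is still only data inside the pattern.
$rows = restaurants_starting_with($db, "B' OR '1'='1");
printf("unvalidated prefix matched %d row(s)\n", count($rows));
```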


Re: [PHP] Alphabetical pagination (RESOLVED)

2009-07-16 Thread Martin Scotta
On Thu, Jul 16, 2009 at 12:01 PM, Miller, Terion <tmil...@springfi.gannett.com> wrote:


 One question I still have...I had help with this script of course and I'm
 confused with the %s what does it do?

 On 7/16/09 9:53 AM, Martin Scotta <martinsco...@gmail.com> wrote:


 On Thu, Jul 16, 2009 at 11:01 AM, Andrew Ballard <aball...@gmail.com> wrote:
 On Thu, Jul 16, 2009 at 9:33 AM, Miller, Terion <tmil...@springfi.gannett.com> wrote:
 
  Here is what finally worked:
 
 <?php
 $letter = isset($_GET['letter']) ? $_GET['letter'] : "A";

 //alphabetical pagination links
 echo '<div align="center"><b>';
 foreach (range('A','Z') as $c) {
     ($letter == $c)
         ? printf('%s&nbsp;', $c)
         : printf('<a href="?letter=%s">%s</a>&nbsp;', $c, $c);
 }
 echo "</b></div><p>";

 //Show all restaurants that start with $letter
 $sql = "SELECT * FROM restaurants WHERE name LIKE '{$letter}%'";
 $result = mysql_query($sql) or die(mysql_error());
 while ($row = mysql_fetch_assoc($result)) {
     // read cviolations from the fetched row, not from the result resource
     printf('<div align="left" width="100"><b>%s</b><br>%s</br>%s</br></div><hr color="#000" width="200"></hr>', $row['name'], $row['address'], $row['cviolations']);
 }
 ?>

  Thanks again everyone!!

 Terion,

 I hope that isn't your final answer. This has SQL injection written
 all over it since you are neither validating that $letter is actually
 a letter, nor are you escaping it before passing it off to MySQL.

 <?php
 $letter = isset($_GET['letter']) ? $_GET['letter'] : 'A';

 if (!preg_match('/^[A-Z]$/i', $letter)) {
     $letter = 'A';
     /*
        Rather than setting $letter to 'A' and continuing,
        you could generate an error if you end up in here
        so you can let the user know that what they passed
        was invalid.
     */
 }

 //
 ?>

 In this case, it should be safe to use $letter directly in the query
 without passing it through mysql_real_escape_string() since it should
 only contain a single harmless alphanumeric letter, but it wouldn't
 hurt (and may still be a good idea) to go ahead and escape the value
 in the query anyway just in case something in your code changes later
 that might cause some cruft to slip in.

 Andrew

 My point of view:

 # i'll use constants for these values
 assert( ord('A') == 0x41 );
 assert( ord('Z') == 0x5A );

 # 1. get the ascii code of the 1st character or from A=0x41
 $letter = ord( array_key_exists('letter', $_GET) ? strtoupper(
 $_GET['letter']{0} ) : 'A' );

 # 2. different solutions
 # 2.a check if it is in range using <= and constants (faster)
 $letter = chr( 0x41 <= $letter && $letter <= 0x5A ? $letter : 0x41 );

 # 2. different solutions
 # 2.b check if it is in range using min/max and constants (faster)
 $letter = chr( min( max(0x41, $letter), 0x5A) );

 I'd use the 2.b but this has different behaviour when $letter > Z (should
 this ever happen?)
 On the other hand I think it is the faster one.



printf has its own mini-syntax.
This was implemented in C.
PHP's printf syntax is very similar, but with some cool add-ons

http://php.net/printf

The detailed description of format are here: http://php.net/sprintf

-- 
Martin Scotta