Re: [PHP] Alphabetical pagination (RESOLVED)
Here is what finally worked: ?php$letter = isset($_GET['letter']) ? $_GET['letter'] : A; //alphabetical pagination links echo 'div align=centerb'; foreach(range('A','Z') as $c){ ($letter == $c) ? printf('%snbsp',$c) : printf('a href=?letter=%s%s/anbsp;',$c,$c); }echo /b/divp; //Show all restaurants that start with $letter$sql = SELECT * FROM restaurants WHERE name LIKE '{$letter}%'; $result = mysql_query($sql) or die(mysql_error()); while($row = mysql_fetch_assoc($result)){ printf('div align=left width=100b%s/bbr%s/br%s/br/divhr color=#000 width=200/hr',$row['name'],$row['address'],$result['cviolations']); } ? Thanks again everyone!! On 7/15/09 10:48 AM, tedd tedd.sperl...@gmail.com wrote: At 8:29 AM -0700 7/15/09, Miller, Terion wrote: Hi all thanks for all the suggestions, I really had no idea this was going to be so difficult.. I think you are making it more difficult than it has to be. Please review what I said and try it out. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Alphabetical pagination (RESOLVED)
On Thu, Jul 16, 2009 at 9:33 AM, Miller, Teriontmil...@springfi.gannett.com wrote: Here is what finally worked: ?php $letter = isset($_GET['letter']) ? $_GET['letter'] : A; //alphabetical pagination links echo 'div align=centerb'; foreach(range('A','Z') as $c){ ($letter == $c) ? printf('%snbsp',$c) : printf('a href=?letter=%s%s/anbsp;',$c,$c); } echo /b/divp; //Show all restaurants that start with $letter $sql = SELECT * FROM restaurants WHERE name LIKE '{$letter}%'; $result = mysql_query($sql) or die(mysql_error()); while($row = mysql_fetch_assoc($result)){ printf('div align=left width=100b%s/bbr%s/br%s/br/divhr color=#000 width=200/hr',$row['name'],$row['address'],$result['cviolations']); } ? Thanks again everyone!! Terion, I hope that isn't your final answer. This has SQL injection written all over it since you are neither validating that $letter is actually a letter, nor are you escaping it before passing it off to MySQL. ?php $letter = isset($_GET['letter']) ? $_GET['letter'] : 'A'; if (!preg_match('/^[A-Z]$/i', $letter) { $letter = 'A'; /* Rather than setting $letter to 'A' and continuing, you could generate an error if you end up in here so you can let the user know that what they passed was invalid. */ } // ? In this case, it should be safe to use $letter directly in the query without passing it through mysql_real_escape_string() since it should only contain a single harmless alphanumeric letter, but it wouldn't hurt (and may still be a good idea) to go ahead and escape the value in the query anyway just in case something in your code changes later that might cause some cruft to slip in. Andrew
Re: [PHP] Alphabetical pagination (RESOLVED)
On Thu, Jul 16, 2009 at 12:01 PM, Miller, Terion tmil...@springfi.gannett.com wrote: One question I still have...I had help with this script of course and I'm confused with the %s what does it do? On 7/16/09 9:53 AM, Martin Scotta martinsco...@gmail.com wrote: On Thu, Jul 16, 2009 at 11:01 AM, Andrew Ballard aball...@gmail.com wrote: On Thu, Jul 16, 2009 at 9:33 AM, Miller, Teriontmil...@springfi.gannett.com wrote: Here is what finally worked: ?php$letter = isset($_GET['letter']) ? $_GET['letter'] : A; //alphabetical pagination links echo 'div align=centerb'; foreach(range('A','Z') as $c){ ($letter == $c)? printf('%snbsp',$c) : printf('a href=?letter=%s%s/anbsp;',$c,$c); } echo /b/divp; //Show all restaurants that start with $letter $sql = SELECT * FROM restaurants WHERE name LIKE '{$letter}%'; $result = mysql_query($sql) or die(mysql_error()); while($row = mysql_fetch_assoc($result)){ printf('div align=left width=100b%s/bbr%s/br%s/br/divhr color=#000 width=200/hr',$row['name'],$row['address'],$result['cviolations']); } ? Thanks again everyone!! Terion, I hope that isn't your final answer. This has SQL injection written all over it since you are neither validating that $letter is actually a letter, nor are you escaping it before passing it off to MySQL. ?php $letter = isset($_GET['letter']) ? $_GET['letter'] : 'A'; if (!preg_match('/^[A-Z]$/i', $letter) { $letter = 'A'; /* Rather than setting $letter to 'A' and continuing, you could generate an error if you end up in here so you can let the user know that what they passed was invalid. */ } // ? In this case, it should be safe to use $letter directly in the query without passing it through mysql_real_escape_string() since it should only contain a single harmless alphanumeric letter, but it wouldn't hurt (and may still be a good idea) to go ahead and escape the value in the query anyway just in case something in your code changes later that might cause some cruft to slip in. Andrew My point of view: # i'll use constants for these values assert( ord('A') == 0x41 ); assert( ord('Z') == 0x5A ); # 1. get the ascii code of the 1st character or from A=0x41 $letter = ord( array_key_exists('letter', $_GET) ? strtoupper( $_GET['letter']{0} ) : 'A' ); # 2. different solutions # 2.a check if it is range ussing = ussing constants (faster) $letter = chr( 0x41= $letter $letter = 0x5A ? $letter : 0x41 ); # 2. different solutions # 2.b check if it is range min/max and with constants (faster) $letter = chr( min( max(0x41, $letter), 0x5A) ); I'd use the 2.b but this has different behaviour when $letter Z (should this ever happen?) In the other hand I think it is the faster one. printf has it's own mini-syntax. This was implemented in C. PHP's printf syntax is very similar, but with some cool add-ons http://php.net/printf The detailed description of format are here: http://php.net/sprintf -- Martin Scotta