De: George J [mailto:[EMAIL PROTECTED]
> So calling the script via the form works i.e it passes the > neccessary variables to constrct the sql query for the next > call. As Shawn said, if you really need the query again add it to session, never, NEVER give the user the ability to see/execute queries by himself (remember POST data could be easily manipulated). Remember what Daniel said, adding a DELETE FROM is not hard and veeery bad. > If the user clicks one of the pagination links, that > calls itself, all that is passed is the page=$i variable. I > need to include the 'SELECT * FROM...' query either as a string > or an array of seperate values for the changed query. Ok, let me ask you something. Why post to itself? You could have a script only to do form actions, that way you can: 1 Separate huge php validations with your html form. 2 Use functions to handle the incoming data and writing the new query (or the old one again). As it's built at server side, the user is never going to see your query or [1]manipulate it as you're writing it all over again, just using your old parameters (they could be added as hidden fields in the form if strictly necessary). > So, as I see it, the pagination links won't POST the form > variables. How do I pass the 'SELECT * FROM mytable WHERE > selection=option LIMIT start, range' > query to the called script? You should try building a default query where you only add the parameters given by the user. If you can't seem to recover that, add them to $_SESSION and you'll be fine next time you want them (if you don't overwrite it =] ). > George Welcome and keep asking :) [1] As long as you treat the user input properly, as other said. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
