当我检查这个url进行页面分页时,分页工作并在page和page=+1中显示页面结果:
mydomain/search.php?page=1
mydomain/search.php?page=2
但是当我检查这个网址时:
mydomain/search.php?page=-1
mydomain/search.php?page=-2
我看到这个错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-20, 10' at line 1
我使用此分页代码打印结果:
// If number of results is bigger than the maximum number
// of search results set in config we start the pagination
if ( $results > $conf['search_results'] )
{
// Calculate the first number of page to show
// This makes the list of pages numbers smaller
if ((($page*$conf['search_results'])-($conf['search_results']*5)) >= 0)
$first=($page*$conf['search_results'])-($conf['search_results']*5);
else
$first=0;
// Calculate the last element of the pagination list
if ((($page*$conf['search_results'])+($conf['search_results']*6)) <= $results)
$last =($page*$conf['search_results'])+($conf['search_results']*6);
else
$last = $results;
@ $i=$first/$conf['search_results'];
// Previous link
if ($page > 0)
{
$pagenum = $page - 1;
echo ' <a style="float:left;" href="' . URL . '/search.php?page=' . $pagenum . '&' . $session->fetch('listingsearchvariablespage') . '">PRE</a> | ';
}
// Middle pagination
for ( $step = $first; $step < $last; $step=$step+$conf['search_results'] )
{
if ( $i == $page )
{
$pagenum = $i+1;
echo ' <span class="warning">' . $pagenum . '</span> | ';
$i++;
}
else
{
$pagenum = $i+1;
echo ' <a href="' . URL . '/search.php?page=' . $i . '&' . $session->fetch('listingsearchvariablespage') . '">' . $pagenum . '</a> | ';
$i++;
}
}
// Next link
if ($page - (($results / $conf['search_results']) - 1) < 0)
{
$pagenum = $page+1;
echo ' <a style="float:right;" href="' . URL . '/search.php?page=' . $pagenum . '&' . $session->fetch('listingsearchvariablespage') . '">NEXT</a>';
}
}
现在,如何修复负数错误并防止任何攻击?
最佳答案
我推荐一些简单的方法,比如:
if($page < 1)
$page = 1;