当我检查此网页分页的网址时,分页工作并在页面和页面显示页面结果= + 1:
mydomain/search.php?page=1
mydomain/search.php?page=2
但是当我查看这个网址时:
mydomain/search.php?page=-1
mydomain/search.php?page=-2
我看到了这个错误:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-20, 10' at line 1
我使用此分页代码打印结果:
// If number of results is bigger than the maximum number
// of search results set in config we start the pagination
if ( $results > $conf['search_results'] )
{
// Calculate the first number of page to show
// This makes the list of pages numbers smaller
if ((($page*$conf['search_results'])-($conf['search_results']*5)) >= 0)
$first=($page*$conf['search_results'])-($conf['search_results']*5);
else
$first=0;
// Calculate the last element of the pagination list
if ((($page*$conf['search_results'])+($conf['search_results']*6)) <= $results)
$last =($page*$conf['search_results'])+($conf['search_results']*6);
else
$last = $results;
@ $i=$first/$conf['search_results'];
// Previous link
if ($page > 0)
{
$pagenum = $page - 1;
echo ' <a style="float:left;" href="' . URL . '/search.php?page=' . $pagenum . '&' . $session->fetch('listingsearchvariablespage') . '">PRE</a> | ';
}
// Middle pagination
for ( $step = $first; $step < $last; $step=$step+$conf['search_results'] )
{
if ( $i == $page )
{
$pagenum = $i+1;
echo ' <span class="warning">' . $pagenum . '</span> | ';
$i++;
}
else
{
$pagenum = $i+1;
echo ' <a href="' . URL . '/search.php?page=' . $i . '&' . $session->fetch('listingsearchvariablespage') . '">' . $pagenum . '</a> | ';
$i++;
}
}
// Next link
if ($page - (($results / $conf['search_results']) - 1) < 0)
{
$pagenum = $page+1;
echo ' <a style="float:right;" href="' . URL . '/search.php?page=' . $pagenum . '&' . $session->fetch('listingsearchvariablespage') . '">NEXT</a>';
}
}
现在,如何为负数修复此错误并防止任何攻击?
答案 0 :(得分:2)
我推荐一些简单的东西:
if($page < 1)
$page = 1;
答案 1 :(得分:0)
LIMIT -20,10语法无效 - 您无法获得负偏移。您应该将值限制在有效的页面范围内。