Reputation: 27
The code below works but if I type in some combinations such as index.php?page_no (without a page #), or page_no=0 (zero that is, but page_no=1 and everything above works), or if I type in more than 19 numbers (e.g., 22222222222222222222) in the URL (after index.php?page_no=) I get the following sort of error(s):
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '5.55555555556E+19,5' at line 1' in
or
Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-5,5' at line 1' in
My code is as follows:
Pagination:
    <?php
    class pager {
        private $db;

        function __construct($DB_con) {
            $this->db = $DB_con;
        }

        // Runs the (already paginated) query and renders each row.
        public function dataview($query)
        {
            $stmt = $this->db->prepare($query);
            $stmt->bindParam(':passport', $_GET['passport'], PDO::PARAM_INT);
            $stmt->execute();
            if ($stmt->rowCount() > 0) {
                while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
                    ?>
                    // some html here and some echo of columns
                    <?php
                }
            }
        }

        // Appends a LIMIT clause built directly from $_GET["page_no"].
        public function pagers($query, $records_per_page) {
            $starting_position = 0;
            if (isset($_GET["page_no"])) {
                $starting_position = ($_GET["page_no"] - 1) * $records_per_page;
            }
            $query2 = $query . " limit $starting_position,$records_per_page";
            return $query2;
        }

        // Renders the First / Previous / numbered / Next / Last links.
        public function pagerslink($query, $records_per_page)
        {
            $self = $_SERVER['PHP_SELF'];
            $stmt = $this->db->prepare($query);
            $stmt->bindParam(':passport', $_GET['passport'], PDO::PARAM_INT);
            $stmt->execute();
            $total_no_of_records = $stmt->rowCount();
            if ($total_no_of_records > 0)
            {
                ?><tr><td colspan="7"><?php
                $total_no_of_pages = ceil($total_no_of_records / $records_per_page);
                $current_page = 1;
                if (isset($_GET["page_no"]))
                {
                    $current_page = $_GET["page_no"];
                }
                if ($current_page != 1) {
                    $previous = $current_page - 1;
                    echo "<a href='" . $self . "?page_no=1'>First</a> ";
                    echo "<a href='" . $self . "?page_no=" . $previous . "'>Previous</a> ";
                }
                $x = "";
                for ($i = 1; $i <= $total_no_of_pages; $i++) {
                    if ($i == $current_page) {
                        $x .= "<strong><a href='" . $self . "?page_no=" . $i . "' style='color:red;text-decoration:none'>" . $i . "</a></strong> ";
                    }
                    elseif ($i > 6 && $i != $total_no_of_pages) {
                        $x .= ".";
                    }
                    else {
                        $x .= "<a href='" . $self . "?page_no=" . $i . "'>" . $i . "</a> ";
                    }
                }
                echo $x;
                if ($current_page != $total_no_of_pages)
                {
                    $next = $current_page + 1;
                    echo "<a href='" . $self . "?page_no=" . $next . "'>Next</a> ";
                    echo "<a href='" . $self . "?page_no=" . $total_no_of_pages . "'>Last</a> ";
                }
            }
        }
    }
Index:
    <?php
    $query = "SELECT * FROM view-i-created ORDER BY passport DESC";
    $records_per_page = 5;
    $newquery = $pager->pagers($query, $records_per_page);
    $pager->dataview($newquery);
    $pager->pagerslink($query, $records_per_page);
    ?>
Part of my Config file (I added the first line recently, didn't help):
    $DB_con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $DB_con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
I've been working around the clock, 24-7, on this for a number of days now. I didn't even know I had this problem until a couple of weeks ago when I stumbled upon the problem myself.
If anyone reading here can direct me in the right direction I would very much appreciate it. Thanks!
Upvotes: 1
Views: 198
Reputation: 720
At a glance it looks like two sides of the same issue: An invalid argument for the SQL 'LIMIT' command.
At one end, you supply negative values:
    $starting_position=($_GET["page_no"]-1)*$records_per_page;
    $query2=$query." limit $starting_position,$records_per_page";
When 'page_no' is 0, then the limit ends up as "LIMIT -5,5", which is invalid. To fix this, use something like this instead:
    $limit_bounded = min(max(0, $starting_position), PHP_INT_MAX); // Bounded between 0 and PHP_INT_MAX, which is ~2147000000.
    $query2=$query." limit $limit_bounded,$records_per_page";
At the high end, you could either be seeing an integer overflow, or just using too many characters for the upper bound of a limit.
As a security issue, you should escape arguments you use in SQL queries, especially when you are receiving them from $_GET, in order to prevent SQL injections (Someone malicious could request " ' DROP TABLES" or similar as the 'page_no' variable and cause issues for you.)
Upvotes: 2
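An added example, not code from either post above: one way to validate page_no and bind the LIMIT values as integers instead of concatenating them into the query, covering the empty, zero and 20-digit inputs from the question. The `passports` table, the function names `resolve_page` and `fetch_page`, and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: turn raw ?page_no= input into a page in [1, $lastPage].
function resolve_page($raw, int $lastPage): int
{
    // FILTER_VALIDATE_INT rejects '', 'abc', '1.5' and digit strings that
    // overflow PHP's int (e.g. 20 digits); min_range rejects 0 and negatives.
    $page = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($page === false) {
        return 1; // fall back to the first page on any invalid input
    }
    return min($page, max(1, $lastPage)); // clamp pages past the end
}

// Hypothetical helper: returns [resolved page number, rows for that page].
function fetch_page(PDO $db, $rawPage, int $perPage): array
{
    $total = (int) $db->query('SELECT COUNT(*) FROM passports')->fetchColumn();
    $page  = resolve_page($rawPage, (int) ceil($total / $perPage));

    // LIMIT/OFFSET are bound as integers, never interpolated into the SQL.
    $stmt = $db->prepare(
        'SELECT passport FROM passports ORDER BY passport DESC LIMIT :count OFFSET :offset'
    );
    $stmt->bindValue(':count', $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':offset', ($page - 1) * $perPage, PDO::PARAM_INT);
    $stmt->execute();
    return [$page, $stmt->fetchAll(PDO::FETCH_COLUMN)];
}

// Constructed sample data: 12 rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE passports (passport INTEGER PRIMARY KEY)');
for ($i = 1; $i <= 12; $i++) {
    $db->exec("INSERT INTO passports (passport) VALUES ($i)");
}

// Constructed inputs: the failing cases from the question plus a non-numeric string.
foreach (['', '0', '-3', '2', '22222222222222222222', "1' OR '1'='1"] as $raw) {
    [$page, $rows] = fetch_page($db, $raw, 5);
    printf("%-26s -> page %d: %s\n", var_export($raw, true), $page, implode(',', $rows));
}
```

In the question's code the raw value would be `$_GET['page_no'] ?? null`, and the same resolved page number should also drive the Previous/Next links so they never point below page 1 or past the last page.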