Pagination - How to don't allow the user to go further the existing pages?












2














Sorry if the title of the question is too bad, i'm new on php and i don't know if there's a specific name for this.



I have only to 2 records and i limited the pagination to show only 1 records per page, then I will have 2 pages, and I can access these pages with &tab=1 and &tab=2, on my current code if i write on the URL: &tab=-2, &tab=-1, &tab=0, &tab=3, &tab=4, &tab=5 I can go to that page, and on that page I will see none records because as i said i have only 2 pages.



My questions:



1. There's any security issues on it?



2. How to don't allow the user to go further the existing pages?



This is my pagination code:



<?php
if(empty($_GET['tab'])){}else{$page = $_GET['tab'];}
if(isset($page)){$page = $_GET['tab'];}else{$page = 1;}
$maximoVEP = 1;
$startVEP = (($maximoVEP * $page) - $maximoVEP);
$title = 'Asic';

$stmtVEP = $db->prepare("SELECT count(*) FROM table WHERE data = 'vm' AND title = :title");
$stmtVEP->bindValue(':title', $title, PDO::PARAM_STR);
$stmtVEP->execute();
$total = $stmtVEP->fetchColumn();
$total_pages = ceil($total/$maximoVEP);

echo '<nav aria-label="Page navigation example">';
echo '<ul class="pagination paginationEp ml-1 mr-1">';
if ($page >= 2){

echo '<li class="page-item">';
echo '<a class="page-link" href="?p=';
echo htmlentities($slug, ENT_QUOTES, "UTF-8", false);
echo '&tab='.($page-1).'"><i class="fas fa-angle-left"></i> ANTERIOR</a>';
echo '</li>';
}

echo '<li class="page-item">';
echo '<a class="page-link" href="';
echo htmlentities($slug, ENT_QUOTES, "UTF-8", false);
echo '"><i class="fas fa-list-ul"></i></i></a>';
echo '</li>';

if ($page < $total_pages){

echo '<li class="page-item">';
echo '<a class="page-link" href="?p=';
echo htmlentities($slug, ENT_QUOTES, "UTF-8", false);
echo '&tab='.($page+1).'">PRÓXIMO <i class="fas fa-angle-right"></i></a>';
echo '</li>';

}
echo '</nav>';

$conn = null;
?>


And the query:



$stmtUTP = $db->prepare("SELECT `id`, `title` FROM table WHERE data = 'vm' ORDER BY id DESC LIMIT :start, :max");
$stmtUTP->bindValue(':start', $startVEP, PDO::PARAM_INT);
$stmtUTP->bindValue(':max', $maximoVEP, PDO::PARAM_INT);
$stmtUTP->execute();









share|improve this question





























    2














    Sorry if the title of the question is too bad, i'm new on php and i don't know if there's a specific name for this.



    I have only to 2 records and i limited the pagination to show only 1 records per page, then I will have 2 pages, and I can access these pages with &tab=1 and &tab=2, on my current code if i write on the URL: &tab=-2, &tab=-1, &tab=0, &tab=3, &tab=4, &tab=5 I can go to that page, and on that page I will see none records because as i said i have only 2 pages.



    My questions:



    1. There's any security issues on it?



    2. How to don't allow the user to go further the existing pages?



    This is my pagination code:



    <?php
    if(empty($_GET['tab'])){}else{$page = $_GET['tab'];}
    if(isset($page)){$page = $_GET['tab'];}else{$page = 1;}
    $maximoVEP = 1;
    $startVEP = (($maximoVEP * $page) - $maximoVEP);
    $title = 'Asic';

    $stmtVEP = $db->prepare("SELECT count(*) FROM table WHERE data = 'vm' AND title = :title");
    $stmtVEP->bindValue(':title', $title, PDO::PARAM_STR);
    $stmtVEP->execute();
    $total = $stmtVEP->fetchColumn();
    $total_pages = ceil($total/$maximoVEP);

    echo '<nav aria-label="Page navigation example">';
    echo '<ul class="pagination paginationEp ml-1 mr-1">';
    if ($page >= 2){

    echo '<li class="page-item">';
    echo '<a class="page-link" href="?p=';
    echo htmlentities($slug, ENT_QUOTES, "UTF-8", false);
    echo '&tab='.($page-1).'"><i class="fas fa-angle-left"></i> ANTERIOR</a>';
    echo '</li>';
    }

    echo '<li class="page-item">';
    echo '<a class="page-link" href="';
    echo htmlentities($slug, ENT_QUOTES, "UTF-8", false);
    echo '"><i class="fas fa-list-ul"></i></i></a>';
    echo '</li>';

    if ($page < $total_pages){

    echo '<li class="page-item">';
    echo '<a class="page-link" href="?p=';
    echo htmlentities($slug, ENT_QUOTES, "UTF-8", false);
    echo '&tab='.($page+1).'">PRÓXIMO <i class="fas fa-angle-right"></i></a>';
    echo '</li>';

    }
    echo '</nav>';

    $conn = null;
    ?>


    And the query:



    $stmtUTP = $db->prepare("SELECT `id`, `title` FROM table WHERE data = 'vm' ORDER BY id DESC LIMIT :start, :max");
    $stmtUTP->bindValue(':start', $startVEP, PDO::PARAM_INT);
    $stmtUTP->bindValue(':max', $maximoVEP, PDO::PARAM_INT);
    $stmtUTP->execute();









    share|improve this question



























      2












      2








      2


      1





      Sorry if the title of the question is too bad, i'm new on php and i don't know if there's a specific name for this.



      I have only to 2 records and i limited the pagination to show only 1 records per page, then I will have 2 pages, and I can access these pages with &tab=1 and &tab=2, on my current code if i write on the URL: &tab=-2, &tab=-1, &tab=0, &tab=3, &tab=4, &tab=5 I can go to that page, and on that page I will see none records because as i said i have only 2 pages.



      My questions:



      1. There's any security issues on it?



      2. How to don't allow the user to go further the existing pages?



      This is my pagination code:



      <?php
      if(empty($_GET['tab'])){}else{$page = $_GET['tab'];}
      if(isset($page)){$page = $_GET['tab'];}else{$page = 1;}
      $maximoVEP = 1;
      $startVEP = (($maximoVEP * $page) - $maximoVEP);
      $title = 'Asic';

      $stmtVEP = $db->prepare("SELECT count(*) FROM table WHERE data = 'vm' AND title = :title");
      $stmtVEP->bindValue(':title', $title, PDO::PARAM_STR);
      $stmtVEP->execute();
      $total = $stmtVEP->fetchColumn();
      $total_pages = ceil($total/$maximoVEP);

      echo '<nav aria-label="Page navigation example">';
      echo '<ul class="pagination paginationEp ml-1 mr-1">';
      if ($page >= 2){

      echo '<li class="page-item">';
      echo '<a class="page-link" href="?p=';
      echo htmlentities($slug, ENT_QUOTES, "UTF-8", false);
      echo '&tab='.($page-1).'"><i class="fas fa-angle-left"></i> ANTERIOR</a>';
      echo '</li>';
      }

      echo '<li class="page-item">';
      echo '<a class="page-link" href="';
      echo htmlentities($slug, ENT_QUOTES, "UTF-8", false);
      echo '"><i class="fas fa-list-ul"></i></i></a>';
      echo '</li>';

      if ($page < $total_pages){

      echo '<li class="page-item">';
      echo '<a class="page-link" href="?p=';
      echo htmlentities($slug, ENT_QUOTES, "UTF-8", false);
      echo '&tab='.($page+1).'">PRÓXIMO <i class="fas fa-angle-right"></i></a>';
      echo '</li>';

      }
      echo '</nav>';

      $conn = null;
      ?>


      And the query:



      $stmtUTP = $db->prepare("SELECT `id`, `title` FROM table WHERE data = 'vm' ORDER BY id DESC LIMIT :start, :max");
      $stmtUTP->bindValue(':start', $startVEP, PDO::PARAM_INT);
      $stmtUTP->bindValue(':max', $maximoVEP, PDO::PARAM_INT);
      $stmtUTP->execute();









      share|improve this question















      Sorry if the title of the question is too bad, i'm new on php and i don't know if there's a specific name for this.



      I have only to 2 records and i limited the pagination to show only 1 records per page, then I will have 2 pages, and I can access these pages with &tab=1 and &tab=2, on my current code if i write on the URL: &tab=-2, &tab=-1, &tab=0, &tab=3, &tab=4, &tab=5 I can go to that page, and on that page I will see none records because as i said i have only 2 pages.



      My questions:



      1. There's any security issues on it?



      2. How to don't allow the user to go further the existing pages?



      This is my pagination code:



      <?php
      if(empty($_GET['tab'])){}else{$page = $_GET['tab'];}
      if(isset($page)){$page = $_GET['tab'];}else{$page = 1;}
      $maximoVEP = 1;
      $startVEP = (($maximoVEP * $page) - $maximoVEP);
      $title = 'Asic';

      $stmtVEP = $db->prepare("SELECT count(*) FROM table WHERE data = 'vm' AND title = :title");
      $stmtVEP->bindValue(':title', $title, PDO::PARAM_STR);
      $stmtVEP->execute();
      $total = $stmtVEP->fetchColumn();
      $total_pages = ceil($total/$maximoVEP);

      echo '<nav aria-label="Page navigation example">';
      echo '<ul class="pagination paginationEp ml-1 mr-1">';
      if ($page >= 2){

      echo '<li class="page-item">';
      echo '<a class="page-link" href="?p=';
      echo htmlentities($slug, ENT_QUOTES, "UTF-8", false);
      echo '&tab='.($page-1).'"><i class="fas fa-angle-left"></i> ANTERIOR</a>';
      echo '</li>';
      }

      echo '<li class="page-item">';
      echo '<a class="page-link" href="';
      echo htmlentities($slug, ENT_QUOTES, "UTF-8", false);
      echo '"><i class="fas fa-list-ul"></i></i></a>';
      echo '</li>';

      if ($page < $total_pages){

      echo '<li class="page-item">';
      echo '<a class="page-link" href="?p=';
      echo htmlentities($slug, ENT_QUOTES, "UTF-8", false);
      echo '&tab='.($page+1).'">PRÓXIMO <i class="fas fa-angle-right"></i></a>';
      echo '</li>';

      }
      echo '</nav>';

      $conn = null;
      ?>


      And the query:



      $stmtUTP = $db->prepare("SELECT `id`, `title` FROM table WHERE data = 'vm' ORDER BY id DESC LIMIT :start, :max");
      $stmtUTP->bindValue(':start', $startVEP, PDO::PARAM_INT);
      $stmtUTP->bindValue(':max', $maximoVEP, PDO::PARAM_INT);
      $stmtUTP->execute();






      php sql pdo pagination get






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Nov 17 '18 at 18:06

























      asked Nov 17 '18 at 17:58









      Natalie

      487




      487
























          2 Answers
          2






          active

          oldest

          votes


















          2














          Move your count query above your $startVEP calculation. Then simply check to make sure $page does not exceed $total_pages , in order to lock the $page requested to the highest possible page available.



          Additionally also check to make sure the requested page is a positive value, otherwise force the page to 1



          Example: https://3v4l.org/91m8G



          //applies to null, 0, false, empty string
          //will default to 1 if empty or not a numeric value
          $page = (empty($_GET['tab']) ? 1 : (int) $_GET['tab']);
          if ($page <= 0) {
          //force a positive page value
          $page = 1;
          }

          $maximoVEP = 1;
          $title = 'Asic';

          $stmtVEP = $db->prepare("SELECT count(id) FROM table WHERE data = 'vm' AND title = :title");
          $stmtVEP->bindValue(':title', $title, PDO::PARAM_STR);
          $stmtVEP->execute();
          $total = $stmtVEP->fetchColumn();
          $total_pages = ceil($total/$maximoVEP);

          if ($page > $total_pages) {
          //limit requested page to the maximum number of pages
          $page = $total_pages;
          }

          $startVEP = (($maximoVEP * $page) - $maximoVEP);

          //...


          Results (assuming total records are 2)



          $_GET['tab'] = not a number: 1
          $_GET['tab'] = -1: 1
          $_GET['tab'] = -2: 1
          $_GET['tab'] = -0: 1
          $_GET['tab'] = 0: 1
          $_GET['tab'] = 1: 1
          $_GET['tab'] = 2: 2
          $_GET['tab'] = 3: 2
          $_GET['tab'] = 4: 2




          There is not really a security risk, since the offset is higher than available and you are using a prepared statement.
          Only potential issue is that $total_pages could be 0.






          share|improve this answer























          • This worked perfectly thanks!
            – Natalie
            Nov 17 '18 at 19:59






          • 1




            @Natalie To place the pagination below the records, you would need to change the order of operations, to echo the navigation below it. I recommend using a function to accomplish this: 3v4l.org/Ih7iL , that way you will be able to use the pagination function on other templates.
            – fyrye
            Nov 17 '18 at 20:26



















          0














          It's a good practice to validate or even try to whitelist anything that comes from user input, or from outside the app, in this case $_GET['tab'] and after you assign it to $page.



          So you would want to make sure that is a positive integer and it's lesser than the total number of pages.
          You can use a conditional to check if is_numeric($page) and after you compute
          $total_pages you can use another conditional to check if $page >= 1 && $page <= $total_pages






          share|improve this answer





















            Your Answer






            StackExchange.ifUsing("editor", function () {
            StackExchange.using("externalEditor", function () {
            StackExchange.using("snippets", function () {
            StackExchange.snippets.init();
            });
            });
            }, "code-snippets");

            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "1"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53353990%2fpagination-how-to-dont-allow-the-user-to-go-further-the-existing-pages%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            2














            Move your count query above your $startVEP calculation. Then simply check to make sure $page does not exceed $total_pages , in order to lock the $page requested to the highest possible page available.



            Additionally also check to make sure the requested page is a positive value, otherwise force the page to 1



            Example: https://3v4l.org/91m8G



            //applies to null, 0, false, empty string
            //will default to 1 if empty or not a numeric value
            $page = (empty($_GET['tab']) ? 1 : (int) $_GET['tab']);
            if ($page <= 0) {
            //force a positive page value
            $page = 1;
            }

            $maximoVEP = 1;
            $title = 'Asic';

            $stmtVEP = $db->prepare("SELECT count(id) FROM table WHERE data = 'vm' AND title = :title");
            $stmtVEP->bindValue(':title', $title, PDO::PARAM_STR);
            $stmtVEP->execute();
            $total = $stmtVEP->fetchColumn();
            $total_pages = ceil($total/$maximoVEP);

            if ($page > $total_pages) {
            //limit requested page to the maximum number of pages
            $page = $total_pages;
            }

            $startVEP = (($maximoVEP * $page) - $maximoVEP);

            //...


            Results (assuming total records are 2)



            $_GET['tab'] = not a number: 1
            $_GET['tab'] = -1: 1
            $_GET['tab'] = -2: 1
            $_GET['tab'] = -0: 1
            $_GET['tab'] = 0: 1
            $_GET['tab'] = 1: 1
            $_GET['tab'] = 2: 2
            $_GET['tab'] = 3: 2
            $_GET['tab'] = 4: 2




            There is not really a security risk, since the offset is higher than available and you are using a prepared statement.
            Only potential issue is that $total_pages could be 0.






            share|improve this answer























            • This worked perfectly thanks!
              – Natalie
              Nov 17 '18 at 19:59






            • 1




              @Natalie To place the pagination below the records, you would need to change the order of operations, to echo the navigation below it. I recommend using a function to accomplish this: 3v4l.org/Ih7iL , that way you will be able to use the pagination function on other templates.
              – fyrye
              Nov 17 '18 at 20:26
















            2














            Move your count query above your $startVEP calculation. Then simply check to make sure $page does not exceed $total_pages , in order to lock the $page requested to the highest possible page available.



            Additionally also check to make sure the requested page is a positive value, otherwise force the page to 1



            Example: https://3v4l.org/91m8G



            //applies to null, 0, false, empty string
            //will default to 1 if empty or not a numeric value
            $page = (empty($_GET['tab']) ? 1 : (int) $_GET['tab']);
            if ($page <= 0) {
            //force a positive page value
            $page = 1;
            }

            $maximoVEP = 1;
            $title = 'Asic';

            $stmtVEP = $db->prepare("SELECT count(id) FROM table WHERE data = 'vm' AND title = :title");
            $stmtVEP->bindValue(':title', $title, PDO::PARAM_STR);
            $stmtVEP->execute();
            $total = $stmtVEP->fetchColumn();
            $total_pages = ceil($total/$maximoVEP);

            if ($page > $total_pages) {
            //limit requested page to the maximum number of pages
            $page = $total_pages;
            }

            $startVEP = (($maximoVEP * $page) - $maximoVEP);

            //...


            Results (assuming total records are 2)



            $_GET['tab'] = not a number: 1
            $_GET['tab'] = -1: 1
            $_GET['tab'] = -2: 1
            $_GET['tab'] = -0: 1
            $_GET['tab'] = 0: 1
            $_GET['tab'] = 1: 1
            $_GET['tab'] = 2: 2
            $_GET['tab'] = 3: 2
            $_GET['tab'] = 4: 2




            There is not really a security risk, since the offset is higher than available and you are using a prepared statement.
            Only potential issue is that $total_pages could be 0.






            share|improve this answer























            • This worked perfectly thanks!
              – Natalie
              Nov 17 '18 at 19:59






            • 1




              @Natalie To place the pagination below the records, you would need to change the order of operations, to echo the navigation below it. I recommend using a function to accomplish this: 3v4l.org/Ih7iL , that way you will be able to use the pagination function on other templates.
              – fyrye
              Nov 17 '18 at 20:26














            2












            2








            2






            Move your count query above your $startVEP calculation. Then simply check to make sure $page does not exceed $total_pages , in order to lock the $page requested to the highest possible page available.



            Additionally also check to make sure the requested page is a positive value, otherwise force the page to 1



            Example: https://3v4l.org/91m8G



            //applies to null, 0, false, empty string
            //will default to 1 if empty or not a numeric value
            $page = (empty($_GET['tab']) ? 1 : (int) $_GET['tab']);
            if ($page <= 0) {
            //force a positive page value
            $page = 1;
            }

            $maximoVEP = 1;
            $title = 'Asic';

            $stmtVEP = $db->prepare("SELECT count(id) FROM table WHERE data = 'vm' AND title = :title");
            $stmtVEP->bindValue(':title', $title, PDO::PARAM_STR);
            $stmtVEP->execute();
            $total = $stmtVEP->fetchColumn();
            $total_pages = ceil($total/$maximoVEP);

            if ($page > $total_pages) {
            //limit requested page to the maximum number of pages
            $page = $total_pages;
            }

            $startVEP = (($maximoVEP * $page) - $maximoVEP);

            //...


            Results (assuming total records are 2)



            $_GET['tab'] = not a number: 1
            $_GET['tab'] = -1: 1
            $_GET['tab'] = -2: 1
            $_GET['tab'] = -0: 1
            $_GET['tab'] = 0: 1
            $_GET['tab'] = 1: 1
            $_GET['tab'] = 2: 2
            $_GET['tab'] = 3: 2
            $_GET['tab'] = 4: 2




            There is not really a security risk, since the offset is higher than available and you are using a prepared statement.
            Only potential issue is that $total_pages could be 0.






            share|improve this answer














            Move your count query above your $startVEP calculation. Then simply check to make sure $page does not exceed $total_pages , in order to lock the $page requested to the highest possible page available.



            Additionally also check to make sure the requested page is a positive value, otherwise force the page to 1



            Example: https://3v4l.org/91m8G



            //applies to null, 0, false, empty string
            //will default to 1 if empty or not a numeric value
            $page = (empty($_GET['tab']) ? 1 : (int) $_GET['tab']);
            if ($page <= 0) {
            //force a positive page value
            $page = 1;
            }

            $maximoVEP = 1;
            $title = 'Asic';

            $stmtVEP = $db->prepare("SELECT count(id) FROM table WHERE data = 'vm' AND title = :title");
            $stmtVEP->bindValue(':title', $title, PDO::PARAM_STR);
            $stmtVEP->execute();
            $total = $stmtVEP->fetchColumn();
            $total_pages = ceil($total/$maximoVEP);

            if ($page > $total_pages) {
            //limit requested page to the maximum number of pages
            $page = $total_pages;
            }

            $startVEP = (($maximoVEP * $page) - $maximoVEP);

            //...


            Results (assuming total records are 2)



            $_GET['tab'] = not a number: 1
            $_GET['tab'] = -1: 1
            $_GET['tab'] = -2: 1
            $_GET['tab'] = -0: 1
            $_GET['tab'] = 0: 1
            $_GET['tab'] = 1: 1
            $_GET['tab'] = 2: 2
            $_GET['tab'] = 3: 2
            $_GET['tab'] = 4: 2




            There is not really a security risk, since the offset is higher than available and you are using a prepared statement.
            Only potential issue is that $total_pages could be 0.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited Nov 17 '18 at 19:36

























            answered Nov 17 '18 at 18:45









            fyrye

            8,61013549




            8,61013549












            • This worked perfectly thanks!
              – Natalie
              Nov 17 '18 at 19:59






            • 1




              @Natalie To place the pagination below the records, you would need to change the order of operations, to echo the navigation below it. I recommend using a function to accomplish this: 3v4l.org/Ih7iL , that way you will be able to use the pagination function on other templates.
              – fyrye
              Nov 17 '18 at 20:26


















            • This worked perfectly thanks!
              – Natalie
              Nov 17 '18 at 19:59






            • 1




              @Natalie To place the pagination below the records, you would need to change the order of operations, to echo the navigation below it. I recommend using a function to accomplish this: 3v4l.org/Ih7iL , that way you will be able to use the pagination function on other templates.
              – fyrye
              Nov 17 '18 at 20:26
















            This worked perfectly thanks!
            – Natalie
            Nov 17 '18 at 19:59




            This worked perfectly thanks!
            – Natalie
            Nov 17 '18 at 19:59




            1




            1




            @Natalie To place the pagination below the records, you would need to change the order of operations, to echo the navigation below it. I recommend using a function to accomplish this: 3v4l.org/Ih7iL , that way you will be able to use the pagination function on other templates.
            – fyrye
            Nov 17 '18 at 20:26




            @Natalie To place the pagination below the records, you would need to change the order of operations, to echo the navigation below it. I recommend using a function to accomplish this: 3v4l.org/Ih7iL , that way you will be able to use the pagination function on other templates.
            – fyrye
            Nov 17 '18 at 20:26













            0














            It's a good practice to validate or even try to whitelist anything that comes from user input, or from outside the app, in this case $_GET['tab'] and after you assign it to $page.



            So you would want to make sure that is a positive integer and it's lesser than the total number of pages.
            You can use a conditional to check if is_numeric($page) and after you compute
            $total_pages you can use another conditional to check if $page >= 1 && $page <= $total_pages






            share|improve this answer


























              0














              It's a good practice to validate or even try to whitelist anything that comes from user input, or from outside the app, in this case $_GET['tab'] and after you assign it to $page.



              So you would want to make sure that is a positive integer and it's lesser than the total number of pages.
              You can use a conditional to check if is_numeric($page) and after you compute
              $total_pages you can use another conditional to check if $page >= 1 && $page <= $total_pages






              share|improve this answer
























                0












                0








                0






                It's a good practice to validate or even try to whitelist anything that comes from user input, or from outside the app, in this case $_GET['tab'] and after you assign it to $page.



                So you would want to make sure that is a positive integer and it's lesser than the total number of pages.
                You can use a conditional to check if is_numeric($page) and after you compute
                $total_pages you can use another conditional to check if $page >= 1 && $page <= $total_pages






                share|improve this answer












                It's a good practice to validate or even try to whitelist anything that comes from user input, or from outside the app, in this case $_GET['tab'] and after you assign it to $page.



                So you would want to make sure that is a positive integer and it's lesser than the total number of pages.
                You can use a conditional to check if is_numeric($page) and after you compute
                $total_pages you can use another conditional to check if $page >= 1 && $page <= $total_pages







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 17 '18 at 18:39









                Dan D.

                574213




                574213






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Stack Overflow!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53353990%2fpagination-how-to-dont-allow-the-user-to-go-further-the-existing-pages%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    mysqli_query(): Empty query in /home/lucindabrummitt/public_html/blog/wp-includes/wp-db.php on line 1924

                    How to change which sound is reproduced for terminal bell?

                    Can I use Tabulator js library in my java Spring + Thymeleaf project?