Hello, i want to know if somebody could help me to make this script safe. Like how to put mysql_real_escape_string.
Or how to use preg_split, or htmletities....
<?php include 'extern/connect.php';
$categories = file_get_contents('extern/categories.php');
$footer = file_get_contents('extern/footer.php');
$logo = file_get_contents('extern/logo.php');
$report = file_get_contents('extern/report.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="keywords" content="//////" />
<meta name="description" content="/////" />
<title>///////<title>
<link rel="shortcut icon" href="images/favicon.ico" />
<link rel="stylesheet" type="text/css" href="/css/style.css" />
<!--[if IE]>
<link rel="stylesheet" type="text/css" href="/css/ie-style.css" />
<![endif]-->
<script type="text/javascript" src="extern/stats.js" ></script>
<script type='text/javascript' src='ajax/jquery-1.8.1.js'></script>
<script type="text/javascript">
$(document).ready(function(){
$('._bxn').click(function(){
var file_id = $(this).attr('id');
$.ajax({
type: "POST",
url: 'ajax/count.php',
data: 'file_id=' + file_id
});
});
});
</script>
</head>
<body>
<div id="container">
<div id="header">
<div class="img"><?php echo $logo; ?></div>
<div id="form">
<form action='search.php' class='form-srch sr' method='GET'>
<input type='text' name='search' placeholder='Search here...' required>
<button type='submit' name='submit'>Search</button>
</form>
</div>
</div>
<div id="categories">
<?php echo $categories; ?>
</div>
<?php
$button = $_GET ['submit'];
$search = $_GET ['search'];
echo "<div id='containerbartop'>
<div id='dateadded'>Watch funny videos <b>$search</b> </div>
<div id='populair'><a href='populair.php'>Populair</a></div></div><div id='thumbcontainer'><ul class='mainv'>";
include 'extern/connectsearch.php';
$search_exploded = explode (" ", $search);
foreach($search_exploded as $funny)
{
$x++;
if($x==1)
$construct .="title LIKE '%funny%'";
else
$construct .="AND title LIKE '%funny%'";
$constructs ="SELECT * FROM videos WHERE $construct";
$run = mysql_query($constructs);
$foundnum = mysql_num_rows($run);
if ($foundnum==0)
echo "Please try something else";
$per_page = 36;
$id = $_GET['id'];
$max_pages = ceil($foundnum / $per_page);
if(!$id)
$id=0;
$getquery = mysql_query("SELECT * FROM videos WHERE $construct ORDER BY date DESC LIMIT $id, $per_page");
$thumbs = $runrows ['thumbs'];
$title = $runrows ['title'];
$channel = $runrows ['channel'];
$url = $runrows ['url'];
$duration = $runrows ['duration'];
while($runrows = mysql_fetch_assoc($getquery))
{
echo '<li class="thumbcontent"><a href="'. $runrows['url'] .'" class="_bxn" id="'. $runrows['id'] .'" target="_blank"><img src="'. $runrows['thumbs'].'" class="thumb" name="'. $runrows['title'] .'" alt="'. $runrows['title'] .'" title="'. $runrows['title'] .'" width="240" height="180" />
</a><span class="thumbreport"><a href="raport.php?url= '. $runrows['url'] .'&thumb='. $runrows['thumbs'] .'&title='. $runrows['title'] .' " target="_blank">Report</a></span><span class="duration">'. $runrows['duration'].'</span><span class="out"><a href="'. $runrows['exlink']. '">'. $runrows['ex'] .'</a></span></li>
';
}
echo "<center>";
?>
</ul>
</div>
<div id="containerbarbottom">
<?php
//Pagination ids
echo "<center>";
$prev = $id - $per_page;
$next = $id + $per_page;
$adjacents = 5;
$last = $max_pages - 1;
if($max_pages > 1)
{
//previous button
if (!($id<=0))
echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$prev'>Prev</a> </div>";
//pages
if ($max_pages < 7 + ($adjacents * 2)) //not enough pages to bother breaking it up
{
$i = 0;
for ($counter = 1; $counter <= $max_pages; $counter++)
{
if ($i == $id){
echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$i'><font color=orange><b>$counter</b></font></a></div> ";
}
else {
echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$i'>$counter</a></div> ";
}
$i = $i + $per_page;
}
}
elseif($max_pages > 5 + ($adjacents * 2)) //enough pages to hide some
{
//close to beginning; only hide later pages
if(($id/$per_page) < 1 + ($adjacents * 2))
{
$i = 0;
for ($counter = 1; $counter < 4 + ($adjacents * 2); $counter++)
{
if ($i == $id){
echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$i'><font color=orange><b>$counter</b></font></a></div> ";
}
else {
echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$i'>$counter</a></div> ";
}
$i = $i + $per_page;
}
}
//in middle; hide some front and some back
elseif($max_pages - ($adjacents * 2) > ($id / $per_page) && ($id / $per_page) > ($adjacents * 2))
{
echo " <div class='paginate'><a href='funny.php?search=$search&submit=search&id=0'>1</a></div> ";
echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$per_id'>2</a> ....</div> ";
$i = $id;
for ($counter = ($id/$per_page)+1; $counter < ($id / $per_page) + $adjacents + 2; $counter++)
{
if ($i == $id){
echo " <div class='paginate'><a href='funny.php?search=$search&submit=search&id=$i'><font color=orange><b>$counter</b></font></a></div>";
}
else {
echo " <div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$i'>$counter</a></div> ";
}
$i = $i + $per_page;
}
}
//close to end; only hide early pages
else
{
echo " <div class='paginate'> <a href='funny.php?search=$search&submit=search&id=0'>1</a></div> ";
echo " <div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$per_id'>2</a> ....</div> ";
$i = $id;
for ($counter = ($id / $per_page) + 1; $counter <= $max_pages; $counter++)
{
if ($i == $id){
echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$i'><font color=orange><b>$counter</b></font></a></div>";
}
else {
echo " <div class='paginate'><a href='funny.php?search=$search&submit=search&id=$i'>$counter</a></div> ";
}
$i = $i + $per_page;
}
}
}
//next button
if (!($id >=$foundnum-$per_page))
echo "<div class='paginate'> <a href='funny.php?search=$search&submit=search&id=$next'>Next</a></div> ";
}
echo "</center>";
}
?>
</div>
<div id="reclame">
<iframe src="ifr.html" height="275" width="1050" frameborder="0" scrolling="no"></iframe>
</div>
<div id="footer">
<?php echo $footer; ?></div>
</div>
</body>
</html>
Thanks.