At the moment I'm adding a search option to one of my projects. The search is working great, but sometimes it gives back too many results to fit on one page. I know how to do paging on results from MySQL (page 1, page 2, etc.), but how do you do this on a search result? I see that the HowtoForge forum does this by using a "searchid=xxxxx". What's stored in the searchid? Is this the search terms that the user used for the search? Also, is the searchid stored in MySQL or in a session?
That's how I'm doing it at the moment. The problem is (I think) that "hackers" can inject stuff into a session, and that way inject into MySQL. (I might be overly paranoid.)
I think the best way would be to store the search terms in the session. If you validate the fields correctly each time, before you search, even if your session data is tainted there shouldn't be a problem. Then you can treat it like any other pagination.
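
The approach from the last reply, as an added example that is not part of the original posts: the search terms live in the session, are re-validated on every page request, and reach the database only as bound parameters. It uses Python with an in-memory SQLite database standing in for MySQL; the `articles` table, the `search_terms` session key and all function names are assumptions made for illustration.

```python
import re
import sqlite3

PAGE_SIZE = 2
MAX_TERM_LEN = 64
TERM_RE = re.compile(r"[\w .\-]+")  # word characters, space, dot, hyphen only

def validate_terms(raw):
    """Re-validate the stored search string on every request; None if unacceptable."""
    if not isinstance(raw, str):
        return None
    term = raw.strip()
    if not term or len(term) > MAX_TERM_LEN or not TERM_RE.fullmatch(term):
        return None
    return term

def validate_page(raw):
    """The page number comes from the URL; anything odd falls back to page 1."""
    try:
        page = int(raw)
    except (TypeError, ValueError):
        return 1
    return page if 1 <= page <= 10000 else 1

def search_page(db, session, page_param):
    """Return one page of titles for the search terms held in the session."""
    term = validate_terms(session.get("search_terms"))
    if term is None:
        return []  # tainted or missing session data never reaches the query
    page = validate_page(page_param)
    # Escape LIKE wildcards with '!' so '_' in a term matches literally.
    like = "%" + term.replace("!", "!!").replace("%", "!%").replace("_", "!_") + "%"
    rows = db.execute(
        "SELECT title FROM articles WHERE title LIKE ? ESCAPE '!' "
        "ORDER BY id LIMIT ? OFFSET ?",
        (like, PAGE_SIZE, (page - 1) * PAGE_SIZE),  # bound parameters only
    ).fetchall()
    return [r[0] for r in rows]

def demo_db():
    """Constructed sample data; SQLite is a stand-in for the MySQL table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles (title) VALUES (?)",
                   [("Postfix setup",), ("Postfix and Dovecot",),
                    ("Apache tuning",), ("Postfix relay",)])
    return db
```
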