$pag = new Page(); if (isset($_GET["orderStatus"]) and $_GET["orderStatus"] != NULL) { $conditions .= " where tblorder.order_status =" . sqlInjection($_GET['orderStatus']) . " "; if (isset($_GET["searchStr"]) and $_GET["searchStr"] != NULL) { $conditions .= " and tblcustomer.cus_username like '%" . sqlInjection($_GET['searchStr']) . "%'"; } } else { if (isset($_GET["searchStr"]) and $_GET["searchStr"] != NULL) { $conditions .= " where tblcustomer.cus_username like '%" . sqlInjection($_GET['searchStr']) . "%'"; } } //echo $conditions; $start = $pag->findStart($limit); $querycount = "SELECT tblorder.order_id FROM tblcustomer INNER JOIN tblorder ON tblcustomer.cus_id = tblorder.cus_id " . $conditions; $count = mysql_num_rows(mysql_query($querycount)); $pages = $pag->findPages($count, $limit); if (isset($_GET['page']) or is_numeric($_GET['page'])) { $paging = " LIMIT " . $start . "," . $limit . " "; } else { $paging = " LIMIT 0," . $limit . " "; } $listorder = $ord->getListOrder($conditions, $paging); $page_list = $pag->pageList($_GET['page'], $pages); ?> <script language="javascript" type="text/javascript"> var condistion = ""; function submitFilterOrder(){ if(document.forms['orderFilter']['orderStatus'].value!=""){ condistion += "&orderStatus="+document.forms['orderFilter']['orderStatus'].value; }