
I have the following code that is not functioning properly. I am trying to post a value to a MySQL DB when the li is clicked. The first is the JS file and the second is my PHP file. Thanks for the assistance.

javascript:

function changeIt() {
    $("#pagewrap").css({'background-image': 'url(/image/HapppsTemplates/BlueTemplates/blueShell.svg)'});
    $.ajax({
        type: "POST",
        url: "templatepost.php",
        data: { tempname: "blueShell.svg" }
    });
}

templatepost.php:

<?php

header("Location: templatetest.php");
require_once("./source/include/membersite_config.php");

if(!$fgmembersite->CheckLogin())
{
    $fgmembersite->RedirectToURL("login.php");
    exit;
}

mysql_connect("xxx", "xxx", "xxx") or die(mysql_error());
mysql_select_db("xxx") or die(mysql_error());

$test = $fgmembersite->UserID();
$template_name = $_POST['tempname'];

$query = "UPDATE events SET tempname= '".$template_name."' WHERE id_user = '$test'"
or die(mysql_error());


?>
  • The first thing is to mitigate SQL attacks using parameterized SQL. Commented Jan 27, 2013 at 19:11
  • You are using an obsolete database API and should use a modern replacement. You are also vulnerable to SQL injection attacks that a modern API would make it easier to defend yourself from. Commented Jan 27, 2013 at 19:13

1 Answer


You never actually run the query with mysql_query.

Your code is also very insecure. You don't escape the POST values in the query. You should use parameterized queries with PDO or mysqli.

$pdo = new PDO('mysql:host=xxx', 'xxx', 'xxx');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // make query failures visible
$stmt = $pdo->prepare('UPDATE xxx.events SET tempname = ? WHERE id_user = ?');
$stmt->execute([$template_name, $test]); // values are passed as an array, never concatenated into the SQL
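As an added example (not the asker's or the answerer's code), here is a complete hardened templatepost.php that wires the prepared statement into the login check from the question, validates the template name against an allowlist, and answers the AJAX call with JSON instead of a Location header. It assumes membersite_config.php provides $fgmembersite with CheckLogin() and UserID() as in the question; the DSN, credentials and allowlist entries are placeholders.

```php
<?php
// Added example: hardened templatepost.php. Assumes $fgmembersite from the question's
// membersite_config.php; DB credentials are placeholders.
declare(strict_types=1);
require_once __DIR__ . '/source/include/membersite_config.php';

header('Content-Type: application/json');

// An AJAX endpoint should answer with a status code and a body the caller can
// inspect; a Location header only redirects the XHR itself, not the page.
if (!$fgmembersite->CheckLogin()) {
    http_response_code(401);
    echo json_encode(['error' => 'not logged in']);
    exit;
}

// Only accept POST, and only accept template names from a fixed allowlist:
// the value is stored and later placed in a CSS url(), so unchecked input is
// both an SQL injection and a stored-content problem.
$allowedTemplates = ['blueShell.svg', 'redShell.svg']; // constructed sample list
$templateName = $_POST['tempname'] ?? '';
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !in_array($templateName, $allowedTemplates, true)) {
    http_response_code(400);
    echo json_encode(['error' => 'invalid template name']);
    exit;
}

try {
    // Placeholder DSN; ERRMODE_EXCEPTION surfaces failures instead of silently
    // "not functioning".
    $pdo = new PDO('mysql:host=xxx;dbname=xxx;charset=utf8mb4', 'xxx', 'xxx', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
    ]);

    // Values travel separately from the SQL text, so neither tempname nor the
    // user id can alter the statement.
    $stmt = $pdo->prepare('UPDATE events SET tempname = :tempname WHERE id_user = :uid');
    $stmt->execute([
        ':tempname' => $templateName,
        ':uid'      => $fgmembersite->UserID(),
    ]);

    echo json_encode(['updated' => $stmt->rowCount()]);
} catch (PDOException $e) {
    error_log($e->getMessage()); // details stay in the server log
    http_response_code(500);
    echo json_encode(['error' => 'database error']);
}
```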

2 Comments

Thanks for the feedback; it doesn't help me solve my problem though.
@StevenReda can you be more specific about what your problem is? All you say is "not functioning properly."
