0

I have a page where I use AJAX to save some data in a DB. As below, when I click on the button, it posts data to add-to-db.php.

My problem is that I used numbers instead of values for my testing and it worked. Now that I have to make use of variables, it does not.
I guess I have to post the values of $dealid and $myid but how can I do this?

Thank you.

In my product.php I have this:

<script>
$(function(){
    $("#JqPostForm").submit(function(e){
       e.preventDefault();   

        $.post("add-to-db.php",
        function(data){

            $("#message_post").html("Thank you");


        });
    });

});
</script>

$dealid = (int)$_GET["id"];
$myid = $_SESSION['SESS_MEMBER_ID'];

And in add-to-db.php I have this query, but it does not save in the DB:

$query = "INSERT INTO reverse_relations (user_id, product_id, ip) VALUES ('$_SESSION['SESS_MEMBER_ID']', '$dealid', '$_SERVER[REMOTE_ADDR]')";

However, when I added VALUES ('1', '2', '$_SERVER[REMOTE_ADDR]')"; it worked.

1
  • Test add-to-db.php manually with some $_GET variables to see what's happening with the query. The transition from numbers to alphanumeric might not work because there are no quotes around values. Also, be careful with SQL injection. Commented Nov 11, 2011 at 2:06

1 Answer

2

First, the variables in the form on product.php need to be sent to add-to-db.php. Right now, no variables are being sent, because none are specified in your $.post() call. To do this, you can:

$.post("add-to-db.php", $("#myform").serialize(), function (data){
   $("#message_post").html("Thank you");
});

Once you send the variables off to add-to-db.php, you can read them by accessing the $_POST array, assuming you have register_globals OFF in php.ini, and your field is called dealid:

$query = "INSERT INTO reverse_relations (user_id, product_id, ip) VALUES ('{$_SESSION['SESS_MEMBER_ID']}', '".$_POST['dealid']."', '$_SERVER[REMOTE_ADDR]')";

However - do not use this code. You must sanitize all POST and should sanitize SESSION and SERVER variables in your queries, or you risk the safety of your website.

$dealid = mysql_real_escape_string($_POST['dealid']);
$sessid = mysql_real_escape_string($_SESSION['SESS_MEMBER_ID']);

Then use these variables instead in your SQL query:

$query = "INSERT INTO reverse_relations (user_id, product_id, ip) VALUES ('{$sessid}', '{$dealid}', '$_SERVER[REMOTE_ADDR]')";
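
An added example, not part of the original answer: the same insert written with PDO bound parameters and input validation, in place of mysql_real_escape_string() (the mysql_* extension was removed in PHP 7). The helper name save_relation, the in-memory SQLite table standing in for MySQL, and the sample inputs are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the page): validates the inputs, then inserts
// with bound parameters so the values never become part of the SQL text.
function save_relation(PDO $db, array $session, array $post, array $server): bool
{
    $opts   = ['options' => ['min_range' => 1]];
    $userId = filter_var($session['SESS_MEMBER_ID'] ?? null, FILTER_VALIDATE_INT, $opts);
    $dealId = filter_var($post['dealid'] ?? null, FILTER_VALIDATE_INT, $opts);
    $ip     = filter_var($server['REMOTE_ADDR'] ?? null, FILTER_VALIDATE_IP);

    // Reject missing, non-numeric or malformed input before touching the DB.
    if ($userId === false || $dealId === false || $ip === false) {
        return false;
    }

    $stmt = $db->prepare(
        'INSERT INTO reverse_relations (user_id, product_id, ip)
         VALUES (:user_id, :product_id, :ip)'
    );
    return $stmt->execute([
        ':user_id'    => $userId,
        ':product_id' => $dealId,
        ':ip'         => $ip,
    ]);
}

// Demo with constructed inputs; an in-memory SQLite table stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reverse_relations (user_id INTEGER, product_id INTEGER, ip TEXT)');

$session = ['SESS_MEMBER_ID' => '7'];          // constructed session value
$server  = ['REMOTE_ADDR' => '203.0.113.5'];   // constructed documentation-range IP

// A plain integer id is accepted and stored.
var_dump(save_relation($db, $session, ['dealid' => '42'], $server));
// A value that is not a plain integer is rejected and never reaches SQL.
var_dump(save_relation($db, $session, ['dealid' => "1' OR '1'='1"], $server));
// Row count after both calls.
var_dump((int) $db->query('SELECT COUNT(*) FROM reverse_relations')->fetchColumn());
```

In add-to-db.php the call would be save_relation($pdo, $_SESSION, $_POST, $_SERVER), where $pdo is your own PDO connection to the MySQL database.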

7 Comments

Thank you for this, but the dealid is taken from the URL. It is not in the form.
It is working; however, I want to get the product.php?id=1 instead of having it in a textbox.
To pass the id get parameter from product to add-to-db.php, you can easily echo it out in a hidden form variable: <input type='hidden' name='id' value='<?php echo $_GET['id'] ?>' />. This will include it in the POST to add-to-db.php
Yes, this is how I have it now. But is there any way to make use of the id of the URL directly instead of having it through a textbox?
Yeah, you could always append it to your post target... it's messy but: $.post("add-to-db.php?id=<?php echo $_GET['id'] ?>", $("#myform").serialize(), function (data){ ... });