Updating SQL database using jQuery Ajax and PHP

Question

Updating SQL database using jQuery Ajax and PHP

So, I am trying to use ajax to update the value in my sql database by capturing the link that was clicked and find that link in the database. I am not sure why it does not work: \

$('.visit').click( function() {
var thisLink = $(this).attr('href'); 
$.post("visit.php", { link: thisLink});
});

<?php
$link = $_POST['link'];
mysql_query("UPDATE items SET visited = 1 WHERE link = $link");
include("print.php");
?>

+3

jquery sql ajax php

redenvy Mar 07 '11 at 1:19

source share

3 answers

rcravens · Answer 1 · 2011-03-07T01:43:42+0000

To prevent SQL injection, use something like the following (typing from memory ... double check).

<?php
    $db = new PDO('connection string', 'username', 'password');

    $query = "UPDATE items SET visited=1 WHERE link=:link";

    $stmt = $db->prepare($query);
    $stmt->execute(array(':link' => $link));
?>

Bean

kjy112 · Answer 2 · 2011-03-07T01:44:20+0000

    $('.visit').click( function() {
         var thisLink = $(this).attr('href'); 
         $.post("visit.php", { link: thisLink});
    });

    <?php
         $link = $_POST['link'];
         mysql_query("UPDATE items SET visited = '1' WHERE link = '".mysql_real_escape_string($link)."'");
         include("print.php");
    ?>

use a single quote around the SET and WHERE parameters. In addition, mysql_escape_real_string injects into the database for SQL injection

bensiu · Answer 3 · 2011-03-07T01:23:01+0000

 <?php 
  $link = $_POST['link']; 
  mysql_query("UPDATE items SET visited = 1 WHERE link = '$link'"); 
  include("print.php"); // what print.php does ?
 ?>

put quotes around $ link

compare $ link with the value in the database field - this should be explicitly consistent

Updating SQL database using jQuery Ajax and PHP

More articles: