// Report a clicked ".visit" link to visit.php so the server can record the visit.
$('.visit').click(function () {
    // The href is sent as-is; the receiving script has to treat it as untrusted input.
    var payload = { link: $(this).attr('href') };
    $.post("visit.php", payload);
});
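<?php
// Marks the item whose link was clicked as visited, then renders print.php.
// $_POST['link'] is client-controlled: it may be missing or sent as an array (link[]=...),
// so only a non-empty string is allowed to reach the query.
$link = isset($_POST['link']) ? $_POST['link'] : null;
if (is_string($link) && $link !== '') {
    // mysql_real_escape_string() only protects a value that stays inside the single quotes
    // below, and it escapes according to the connection's character set.
    // NOTE(review): the mysql_* extension was removed in PHP 7; a prepared statement via
    // mysqli or PDO is the durable fix, but the connection handle is not visible here.
    mysql_query("UPDATE items SET visited = '1' WHERE link = '" . mysql_real_escape_string($link) . "'");
}
include("print.php");
?>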
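Use single quotes around the SET and WHERE values. In addition, mysql_real_escape_string escapes the value so it cannot break out of the quoted string, which protects the query against SQL injection. Note that the mysql_* functions were removed in PHP 7; on current PHP, use a prepared statement with mysqli or PDO instead.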