0

I have this script.

<script type='text/javascript' charset='utf-8'>
    $(window).load(function(){
        window.loadIframe = function(frame) {
           var link = $(frame).attr('src');
           $.post('link.php', {'link': link}, function (txt) {});
        }
    });
</script>

If I replace $.post('a.php', {'link': link}, function (txt) {}); for alert(link) it will display a link: example(http://www.example.com/123-a-b-c-d-e-f-0), ok.

Then, in the link.php I have this code:

<? 
...
$link = filter_input(INPUT_POST, 'link', FILTER_SANITIZE_NUMBER_INT); 
    mysql_query("insert into prueba values ('', '$link')"); 
...
?>

When I check the database, the value inserted isn't the full link, is 123-------0

Where is the problem? Thank you very much.

frankie3
  • 89
  • 1
  • 1
  • 8
  • You're filtering out non-numbers for some reason – Explosion Pills Jan 02 '13 at 19:10
  • 2
    [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – Naftali Jan 02 '13 at 19:10

2 Answers2

0

It's because you're using FILTER_SANITIZE_NUMBER_INT. From the docs:

Remove all characters except digits, plus and minus sign.

xofer
  • 1,010
  • 8
  • 11
-2

The post value that was sent was under link.php.

Use $_POST['link.php'].

Also please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Zoe
  • 27,060
  • 21
  • 118
  • 148
Naftali
  • 144,921
  • 39
  • 244
  • 303