0

I'm trying to pass two variables into jQuery's "POST" function, but they don't seem to be getting to my PHP.

<script>
var starting = 0;
var ending = 3;
$(document).ready(function(){               
           $.post("test.php", {start: starting, end: ending}, 
                   function(){});
  });
</script>

It's my understanding that I should be able to access "starting" and "ending" by using $_POST["start"] and $_POST["end"], but it doesn't seem to be working. Am I passing these variables incorrectly? Here's the start of my PHP. The script works fine if I hard-code test values for the limit.

$starting = intval($_POST["start"]);
$ending = intval($_POST["end"]);
$query = "SELECT formation_name FROM formations LIMIT '$starting','$ending'";
Ristoph
  • 37
  • 4
  • 2
    You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Mar 10 '13 at 20:48
  • By calling `intval` he should be safe against SQL injections in this example. Although it's a good idea to update to a newer API if it's not too much work. – Adam Plocher Mar 10 '13 at 20:49
  • Thanks, I am using the mysqli API though :) I just took the code above to demonstrate my problem, none of this is going into production, just some tests for some front-end scripts I'm working on. – Ristoph Mar 10 '13 at 20:59

1 Answers1

7

The MySQL LIMIT clause takes two integers, not strings. Remove the quotes you have around them.

Niet the Dark Absol
  • 320,036
  • 81
  • 464
  • 592
  • This worked, thanks. For some reason, I thought single quotations denoted variables within a query as opposed to strings. Rookie mistake! – Ristoph Mar 10 '13 at 21:08