-1

I'm writing a page in PHP (index.php, say) which uses an external PHP script (do.php, say) called through the jQuery $.post function.

I am passing a post variable called doit which determines what the script will do. For example, if doit is 1, it assigns a unique id to the user and stores it in a cookie called uid with the setcookie() function. If doit is 2, it inputs another post data called msg into a table that it creates by the name t+uid. E.g. if uid is 14, it creates a table called t14 and puts msg in it.

I use the following line of code to set the cookie:

```php
setcookie("uid", $val, time()+3600, '/');
```

And this line of code to create the table:

```php
$q = "create table t".$_COOKIE["uid"]." (sl int primary key auto_increment, msg varchar(1000), seen int);";
mysql_query($q);
```

Now my problem is this: The SQL query is executed correctly, but I don't get any value from the cookie variable. The table created is simply named t.

My question is: What am I doing wrong? What should I do so that I get a value correctly?

P.S: When I check the cookies set by my page, I see the cookie there. I tried clearing the cookies and trying again, but each time, the cookie is set correctly, but not the table.

There is also another problem. The SQL queries are executed only after I refresh the page. For example, I have another table called uu in which I store the uid of the current user and some other info. The last row in that table contains the previous uid and not the present one. If uid is 10 this time, and I refresh the page and get uid as 11, only then is the info for uid = 10 updated in the table uu.

Any help at all is greatly appreciated :-) Thanks.

Mihai Iorga
rktcool
  • 2
    You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Mar 25 '13 at 14:18
  • 2
    Lots of problems here, but why would you create a new table for each of your users? And even worse, have that set from a cookie which is wide open to manipulation. Better to have one `messages` table with fields for user id, message id, message text, timestamp, etc. Also, can't you POST the uid instead of storing it in a cookie? All depends on your app design but sounds like it needs some more thought – okyanet Mar 25 '13 at 14:29
  • I know about the vulnerabilities. The point is not to build a sound and secure website, but to learn the basics of MySQL and PHP. I'm a noob to both these. Thanks for the info anyway; I'll keep it in mind :-) @Quentin. – rktcool Mar 26 '13 at 16:58

1 Answer

0

PHP's setcookie function sends the cookie in the response header. If your AJAX call executes before you receive the response from index.php, then you might not get the cookie in the request.

Can you try putting the $.post request on a button/link click and check whether you are getting the cookie in the request? If possible, please provide the complete code (PHP and JavaScript).

Amit
  • I'm putting the post request inside a '$(document).ready()'. So shouldn't that ensure that the AJAX call executes after the page is ready (i.e. after the Response Header and stuff)? – rktcool Mar 26 '13 at 17:05
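
As an added example (not code from the question, the answer or the comments), here is one way do.php could look when it follows the points raised above: a single `messages` table instead of one table per user, PDO prepared statements instead of `mysql_query`, and the uid kept in the server-side session so it is usable in the same request and cannot be edited by the client. The DSN, the credentials, the `messages` schema and the `handle()` helper are assumptions.

```php
<?php
// do.php reworked as an added example. Assumed, not from the page: the DSN,
// the credentials, and a table created once as
//   CREATE TABLE messages (sl INT PRIMARY KEY AUTO_INCREMENT,
//     uid CHAR(32) NOT NULL, msg VARCHAR(1000), seen INT DEFAULT 0);
declare(strict_types=1);

// Handle one request. $session is taken by reference so the uid is stored in
// server-side session state rather than in a cookie the client can rewrite.
function handle(PDO $db, array $post, array &$session): array
{
    $doit = $post['doit'] ?? null;   // POST values arrive as strings
    if ($doit === '1') {
        // Generated server-side and readable immediately, unlike a value
        // just passed to setcookie(), which only shows up on a later request.
        $session['uid'] = $session['uid'] ?? bin2hex(random_bytes(16));
        return ['ok' => true, 'uid' => $session['uid']];
    }
    if ($doit === '2') {
        if (empty($session['uid'])) {
            // doit=2 arrived without an established uid: refuse, instead of
            // silently working with an empty id (the table named "t").
            return ['ok' => false, 'error' => 'no uid yet'];
        }
        $msg = $post['msg'] ?? '';
        if (!is_string($msg) || strlen($msg) > 1000) {
            return ['ok' => false, 'error' => 'bad msg'];
        }
        // Placeholders keep uid and msg out of the SQL text entirely.
        $stmt = $db->prepare(
            'INSERT INTO messages (uid, msg, seen) VALUES (:uid, :msg, 0)');
        $stmt->execute([':uid' => $session['uid'], ':msg' => $msg]);
        return ['ok' => true, 'sl' => (int)$db->lastInsertId()];
    }
    return ['ok' => false, 'error' => 'unknown doit'];
}

if (PHP_SAPI !== 'cli') {            // web entry point
    session_start();
    $db = new PDO('mysql:host=localhost;dbname=test;charset=utf8mb4',
        'app_user', 'app_password',  // placeholder credentials
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    header('Content-Type: application/json');
    echo json_encode(handle($db, $_POST, $_SESSION));
}
```

On the client, send the doit=2 request from the success callback of the doit=1 `$.post`, so the second request is only issued after the first response (and its session cookie) has arrived.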