I have two buttons prev/next that call a getJSON. I want to alter a query depending on which button, if any, was clicked. Here are my buttons and getJSON statements

<input class="buttonsr" type="button" onClick="next()" name="NextLoad" value="Next Load">
<input class="buttonsr" type="button" onClick="prev()" name="PrevLoad" value="Prev. Load">

$.getJSON("loadloads.php", document.getElementById('LoadNumber').value, jsonhandler)

I'd like to do something like below using the LoadNumber from the GET.

if isset($_GET['prev']){
    $find = 'Where L.$_GET['LoadNumber'] > (max)LoadNumber FROM tblLoads'
}
if isset($_GET['next']){
    $find = 'Where L.$_GET['LoadNumber'] < (min)LoadNumber FROM tblLoads'
}
else{
    $find = 'L.LoadNumber = (SELECT MAX(LoadNumber) FROM tblLoads)'
};
Mohammad
Craig Kuyper

2 Answers

You should use the same function and just pass a parameter to the server. Something like

<input class="buttonsr" type="button" onClick="page('next')" name="NextLoad" value="Next Load">

function page(direction) {
   // Send LoadNumber as a named parameter so PHP receives it as $_GET['LoadNumber']
   $.getJSON("loadloads.php?direction=" + direction, { LoadNumber: document.getElementById('LoadNumber').value }, jsonhandler);
}

On the server side, use the $_GET['direction'] to see if you're going NEXT or PREVIOUS.

if ($_GET['direction'] == 'next') { 
   // GO NEXT
} else {
   // GO PREV
}

And by the way, "isset()" only takes 2 "s" ;) Hope this helped, you can comment if I missed the point!

Bene
  • I really wanted it to be SSSET. I think this is the direction I need to go, but now I'm having trouble with the variable in my query; it's not running. I'm getting a Network error 500 internal server error. – Craig Kuyper Apr 17 '13 at 19:45
  • If you copied what I wrote, there's a space in the URL which shouldn't be there. I edited. Make sure your headers are sent correctly (you can use Firebug or Chrome (network) in the console (F12 on both browsers) to see if the parameters are correctly sent) – Bene Apr 17 '13 at 20:18
  • I think it has something to do with quotes. I have query = 'select from where'$var' orderby'; – Craig Kuyper Apr 17 '13 at 20:53
  • If you have the PDO library installed, use PDO to bind params. Check that example: http://www.php.net/manual/en/pdostatement.bindparam.php It is more secure, and there's less chances that you mess up with the quotes! And another tip, when you want to concatenate strings, you have to do it that way: 'SELECT * FROM table WHERE ' . $var . '=' . $value .' ORDER BY position DESC'; – Bene Apr 17 '13 at 20:56
  • I was missing the . on either side of $var. – Craig Kuyper Apr 17 '13 at 21:17

I could be wrong on this, but I believe if you want to access "LoadNumber" in the $_GET super global then you need to pass in an object for the data parameter in $.getJSON like this:

    $.getJSON("loadloads.php", { LoadNumber:$('#LoadNumber').val() }, jsonhandler);
    // NOTE: I used jquery shorthand instead of document.getElementById() to get the value
    // simply to shorten it up.

I have not used $.getJSON() before but from the documentation: http://api.jquery.com/jQuery.getJSON/
it says that $.getJSON is just shorthand for $.ajax using a get request method so if you pass in an object with the key of what you are looking for then my guess is $.getJSON will put that into $_GET for you to grab.

Also, Kolkin is correct: this code is vulnerable to SQL injection. You should NEVER insert data from $_GET, $_POST or $_REQUEST directly into your SQL query without filtering it. You are potentially opening your code up to malicious injections that could either wipe out data in your DB or access sensitive data and return it.

Hope this helps.

Dropzilla
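The parameter binding Bene recommends and the injection risk Dropzilla describes, combined in an added example that is not code from the original thread. It assumes "next" means the next higher LoadNumber and "prev" the next lower one; the Carrier column, the sample rows and the in-memory SQLite database are constructed for the demo, and `LIMIT 1` is SQLite/MySQL syntax.

```php
<?php
// Added example: tblLoads and LoadNumber come from the question; findLoad(),
// the Carrier column and the sample rows are hypothetical.

function findLoad(PDO $db, ?string $direction, ?string $loadNumber): ?array
{
    // Operators and sort order cannot be bound as parameters, so they are
    // picked from a fixed allowlist and never copied from the request.
    $clauses = [
        'next' => 'WHERE LoadNumber > :n ORDER BY LoadNumber ASC',
        'prev' => 'WHERE LoadNumber < :n ORDER BY LoadNumber DESC',
    ];
    $clause = $clauses[$direction ?? ''] ?? null;
    // Accept the load number only if it is a clean integer.
    $n = filter_var($loadNumber, FILTER_VALIDATE_INT);

    if ($clause !== null && $n !== false) {
        $stmt = $db->prepare("SELECT LoadNumber, Carrier FROM tblLoads $clause LIMIT 1");
        // The value is sent separately from the SQL text, so it cannot alter the query.
        $stmt->bindValue(':n', $n, PDO::PARAM_INT);
    } else {
        // Missing or unrecognised input: newest load, like the question's else branch.
        $stmt = $db->prepare('SELECT LoadNumber, Carrier FROM tblLoads ORDER BY LoadNumber DESC LIMIT 1');
    }
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Demo on an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblLoads (LoadNumber INTEGER PRIMARY KEY, Carrier TEXT)');
$db->exec("INSERT INTO tblLoads VALUES (101, 'A'), (102, 'B'), (105, 'C')");

// Constructed requests: normal clicks, no parameters, then malformed values.
$requests = [
    ['next', '102'],
    ['prev', '102'],
    [null, null],
    ['next', '102 OR 1=1'],   // not an integer: rejected, default query runs
    ['sideways', '102'],      // not in the allowlist: default query runs
];
foreach ($requests as [$direction, $loadNumber]) {
    echo json_encode(findLoad($db, $direction, $loadNumber)), "\n";
}
```

In loadloads.php the call would be `findLoad($db, $_GET['direction'] ?? null, $_GET['LoadNumber'] ?? null)`, with `$db` pointing at the real database instead of the demo one.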