
My current website address reads: www.mysite.com/index.php?user=123

I click a link to activate an ajax page to open. The ajax page contains the following:

$usernum = $_GET["user"];
$result = mysql_query("SELECT * FROM Persons WHERE user = $usernum");

This produces an error:

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\Program Files (x86)\Ampps\www\social2\profile\indexBasics.php on line 29

No error occurs if I hard code in a user number though, it just refuses to get the address bar variable.

Help? Advice?

----- ADDED INFO ------

<script>
window.onload = function () {
    var basics = document.getElementById('basics'),
        favorites = document.getElementById('favorites');

    basics.onclick = function () {
        loadXMLDoc('indexBasics');
        var otherClasses = favorites.className;
        // String.prototype.contains() is non-standard; indexOf() works in every browser
        if (otherClasses.indexOf("Active") !== -1) {
            basics.className = 'statusOptionActive';
            favorites.className = 'statusOption';
        }
    };

    favorites.onclick = function () {
        loadXMLDoc('indexFav');
        var otherClasses = basics.className;
        if (otherClasses.indexOf("Active") !== -1) {
            favorites.className = 'statusOptionActive';
            basics.className = 'statusOption';
        }
    };

    function loadXMLDoc(pageName) {
        var xmlhttp;
        if (window.XMLHttpRequest) {
            // code for IE7+, Firefox, Chrome, Opera, Safari
            xmlhttp = new XMLHttpRequest();
        } else {
            // code for IE6, IE5
            xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
        }
        xmlhttp.onreadystatechange = function () {
            if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
                document.getElementById("centreCont").innerHTML = xmlhttp.responseText;
            }
        };
        // This URL carries no query string, so the PHP page's $_GET["user"] is never set
        xmlhttp.open("GET", "../profile/" + pageName + ".php", true);
        xmlhttp.send();
    }
};
</script>
leppie
user2527750
  • Personally, I would avoid using `mysql_query` like that without escaping the input. I suggest PDOStatmements. Very safe, and easy to use. – CoderOfHonor Aug 23 '13 at 20:29
  • Your current PHP code has a blatant SQL injection vulnerability that would be trivial for anyone to exploit. Please learn about both sanitizing user input and parameterized queries. – Kitsune Aug 23 '13 at 21:03
  • 1
    You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Aug 23 '13 at 21:04

1 Answer

So you're saying that you are on www.mysite.com/index.php?user=123 when you click on your button (or whatever fires the AJAX event), you will load a different URL, which can be something like www.mysite.com/myajaxpage.php.

In that case, you may have forgotten to pass the user parameter to your AJAX request. So you can't access $_GET['user'] in myajaxpage.php because it isn't defined in your URL.

Code example

If you're using jQuery, you can do this trick:

$.urlParam = function(name){
    // Look for "?name=value" or "&name=value" in the current page URL
    var results = new RegExp('[\\?&]' + name + '=([^&#]*)').exec(window.location.href);
    // exec() returns null when the parameter is absent, so guard before indexing
    return results ? decodeURIComponent(results[1]) : 0;
}

// ....

// Send it as a query-string parameter (GET), since the PHP page reads $_GET['user']
$.get('myajaxpage.php', {'user': $.urlParam('user')}, function(data) {
    // your stuff
});

EDIT: The author uses Vanilla JS, so this example was just pointless.

Maxime Lorant
  • This is very confusing to me. My javascript knowledge is slim to none. Is it not possible just to extend the current PHP to get the address variable? – user2527750 Aug 23 '13 at 20:44
  • Can you show me your ajax call (where you're calling the second PHP page) – Maxime Lorant Aug 23 '13 at 20:47
  • I've added it to my original question for you. It's in there somewhere – user2527750 Aug 23 '13 at 20:52
  • A quick way would be to modify your call by : `xmlhttp.open("GET","../profile/" + pageName + ".php?user=".$_GET['user'],true);`. With the `?user=...` added, you will be able to get the desired output. – Maxime Lorant Aug 23 '13 at 20:54
  • That actually stops the ajax working completely. I think that has mixed PHP with javascript hasn't it? – user2527750 Aug 23 '13 at 21:05
  • In fact, it's `xmlhttp.open("GET","../profile/" + pageName + ".php?user=,true);`. Sorry for my mistake. This line works only if your JS is inside your index.php however. – Maxime Lorant Aug 24 '13 at 09:06
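The answer's trick written for the asker's vanilla JS, as an added example that is not part of the question or the answer: read `user` from the page URL, check that it looks like a numeric id, and forward it on the URL that `loadXMLDoc()` opens so that the PHP page's `$_GET["user"]` is actually populated. The function names (`getUrlParam`, `isValidUserId`, `buildAjaxUrl`, `loadProfilePage`) are assumptions made here. The client-side check only catches honest mistakes; as the comments on the question point out, the PHP side still has to validate `$_GET['user']` itself and use a parameterized query, because anyone can send the request directly.

```javascript
// Added example, not the question's or the answer's code. Function names are ours.

// Extract one query-string parameter from a URL. Returns null when the parameter
// is absent, instead of throwing the way the answer's `results[1]` does on no match.
function getUrlParam(name, href) {
  var query = href.indexOf('?') === -1 ? '' : href.split('?')[1].split('#')[0];
  var pairs = query.split('&');
  for (var i = 0; i < pairs.length; i++) {
    var kv = pairs[i].split('=');
    if (decodeURIComponent(kv[0]) === name) {
      return kv.length > 1 ? decodeURIComponent(kv[1].replace(/\+/g, ' ')) : '';
    }
  }
  return null;
}

// The user number is an integer id: refuse anything else before sending it.
// This is a usability check, not the SQL-injection fix; the server must not
// trust it and must bind the value in a prepared statement.
function isValidUserId(value) {
  return typeof value === 'string' && /^[0-9]{1,10}$/.test(value);
}

// Build "../profile/<pageName>.php?user=<id>" as Maxime's comment suggests,
// with both parts URL-encoded so the query string cannot be broken up.
function buildAjaxUrl(pageName, userId) {
  return '../profile/' + encodeURIComponent(pageName) +
         '.php?user=' + encodeURIComponent(userId);
}

// Drop-in replacement for the question's loadXMLDoc(): same GET request and
// same #centreCont target, but with the user id forwarded. Browser-only.
function loadProfilePage(pageName) {
  var userId = getUrlParam('user', window.location.href);
  if (!isValidUserId(userId)) {
    document.getElementById('centreCont').textContent = 'No valid user id in the page URL.';
    return;
  }
  var xmlhttp = new XMLHttpRequest();
  xmlhttp.onreadystatechange = function () {
    if (xmlhttp.readyState === 4 && xmlhttp.status === 200) {
      document.getElementById('centreCont').innerHTML = xmlhttp.responseText;
    }
  };
  xmlhttp.open('GET', buildAjaxUrl(pageName, userId), true);
  xmlhttp.send();
}
```

In the question's `window.onload` handler, `loadXMLDoc('indexBasics')` becomes `loadProfilePage('indexBasics')`; with the page at `www.mysite.com/index.php?user=123`, the request goes to `../profile/indexBasics.php?user=123` and `$_GET["user"]` is `123` on the PHP side.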