0

I have a follow button that when I press on it store into follow table followerid and followingid and turned into unfollow
and when I press on unfollow delete them from follow table I used JQuery for this but when I press on the button it turned into unfollow but does not store any data in the data base can you help me find the error please

JQuery 

function change( el )
{
var input= $('#followingid').val();
var input2=$('#followerid').val();

    if ( el.value == "Follow" )
    {
        $.get("follow_button.php",{following_id:'input',follower_id:'input2'});
        el.value = "Unfollow";
    }
    else
    {
        $.get("unfollow_button.php",{following_id:'input',follower_id:'input2'});
        el.value = "Follow";
    }

}

and this is the follow button 

  <form action="" method="post" name="f1">


<input type="button" value="<?php 
$sql="SELECT * FROM follow WHERE followerid=$id and followingid=$projectid";
$q=mysql_query($sql) or die (mysql_error());
    if($num=mysql_num_rows($q))
    echo 'Unfollow';
    else
    echo 'Follow';

    ?>" onclick="return change(this);" />
  </form>

and this is follow_button.php page

<?php
  $followerid=$_GET['follower_id'];
  $followingid=$_GET['following_id'];

  $sql2="INSERT INTO follow (followerid,followingid) VALUES($followerid,$followingid)"; 
  $q2=mysql_query($sql2) or die(mysql_error());
?>

unfollow_button.php page

<?php
  $follower_id=$_GET['followerid'];
  $following_id=$_GET['followingid'];

    $sql2="DELETE FROM follow WHERE followingid=$following_id and followerid=$follower_id";
    $q2=mysql_query($sql2); 
?>

I review my code several times but I could't find the error ,,I hope you can find the problem thanx ...

Abeer
  • 83
  • 1
  • 2
  • 12
  • 3
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin May 01 '14 at 12:18
  • Any error in console/network tab??? What are you expecting to pass as data here: `following_id:'input'`? – A. Wolff May 01 '14 at 12:22
  • Your code is indeeed vulnerable to SQL injections. First thing you could also correct in the code of your `unfollow_button.php` page is change the GET parameter names, since you seem to have forgotten the underscores there. – PLPeeters May 01 '14 at 12:22
  • Trace the HTTP call (either with the browser's built in debugging tools or with a third party application such as Fiddler), and check the actual call that's being made. – Adrian Wragg May 01 '14 at 12:22

3 Answers3

2

There are some problems in your jQuery code. You need to remove the quotes from 'input' and 'input2' in your $.get calls, otherwise it will just pass the values 'input' and 'input2' literally, instead of the values of the variables.

function change(el) {
var input = $('#followingid').val();
var input2 = $('#followerid').val();

    if (el.value == "Follow") {
        $.get("follow_button.php", {following_id: input, follower_id: input2}); // Removed quotes
        el.value = "Unfollow";
    } else {
        $.get("unfollow_button.php", {following_id: input, follower_id: input2}); // Removed quotes
        el.value = "Follow";
    }

}

Secondly, in your unfollow_button.php, you misspelled your GET parameter names:

<?php
  $follower_id=$_GET['follower_id']; // Added an underscore
  $following_id=$_GET['following_id']; // Added an underscore

    $sql2="DELETE FROM follow WHERE followingid=$following_id and followerid=$follower_id";
    $q2=mysql_query($sql2); 
?>

Also check the JavaScript console for errors. You could also try manually going to your follow_button.php page with GET parameters that would normally work and see if the page shows an error.

Moreover, you are using an outdated database API. Consider using PDO with its prepare() function, which will protect you from SQL injections.

For example, if one were to replace the follower_id by 15; DROP TABLE follow, your final SQL query would look like this: DELETE FROM follow WHERE followingid=42 AND followerid=15; DROP TABLE follow, which would delete your follow table.

PLPeeters
  • 1,009
  • 12
  • 26
  • thank you for your answer ,, but I change my code as you told my but nothing change it does not go to follow_button.php I tried to put alert there but no action happened either – Abeer May 01 '14 at 12:39
  • Have you tried manually going to your PHP script called by your AJAX call as suggested? – PLPeeters May 01 '14 at 12:41
  • yes I tried but it seems it does not go to follow_button.php code – Abeer May 01 '14 at 12:43
  • What do you mean by `yes I tried but it seems it does not go to follow_button.php code`? Does the page show an error or not? – PLPeeters May 01 '14 at 12:47
  • I mean when I press on follow it should go to follow_button page where it store the data in follow table ,, I put an alert to show (hello) before insert any data but the alert didn't show up – Abeer May 01 '14 at 12:49
  • Technically, it doesn't go to the page, it does an AJAX call, so the page is loaded in the background. An alert inside your PHP page cannot show. Did you check the JavaScript console for errors? – PLPeeters May 01 '14 at 12:52
  • yes exactly ,,, no I didn't because I don't know how to do it sorry x_x – Abeer May 01 '14 at 12:55
  • See [here](http://webmasters.stackexchange.com/questions/8525/how-to-open-the-javascript-console-in-different-browsers) – PLPeeters May 01 '14 at 12:56
  • thank you very much MR. PLPeeters and sorry for bothering you ^_^ – Abeer May 01 '14 at 12:58
  • You're not bothering me, this is what StackOverflow is for. If my answer solved your question, please [accept it](http://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work). – PLPeeters May 01 '14 at 12:59
1

First check your mysql connection and if data is inserted or not you can return an error/success status which would indicate you to change FOLLOW or UNFOLLOW like,

if ( el.value == "Follow" ) {
    $.get("follow_button.php",{following_id:'input',follower_id:'input2'}, function(data){
        // change text if you get success in response
        if(data=='success') {
           el.value = "Unfollow";
        }
    });        
} else {
    $.get("unfollow_button.php",{following_id:'input',follower_id:'input2'}, function(data){
        // change text if you get success in response
        if(data=='success') {
           el.value = "Follow";
        }
    });
}

In PHP try this,

$sql2="INSERT INTO follow (followerid,followingid) VALUES($followerid,$followingid)"; 
if(mysql_query($sql2)) echo 'success';
else echo 'error';
return;

Do the same for delete/Unfollow.

You can combine the insert and delete code in a single page by using a type=follow/unfollow

Rohan Kumar
  • 40,431
  • 11
  • 76
  • 106
  • I edited my code as you told my but when I press the follow button it does not change to unfollow + didn't store any data – Abeer May 01 '14 at 12:32
  • In the call back use `alert(data);` and echo `mysql_error()`, you will get your answer – Rohan Kumar May 01 '14 at 12:44
  • I put an alert in the beginning of the page to show (hi) but it didn't show up ,,that's it didn't go to follow_button.php – Abeer May 01 '14 at 12:47
0
function change( el )
{
var input= $('#followingid').val();
var input2=$('#followerid').val();
if ( el.value == "Follow" )
{
    $.get("follow_button.php",{following_id:'input',follower_id:'input2'});
    el.value = "Unfollow";
    return false;
}
else
{
    $.get("unfollow_button.php",{following_id:'input',follower_id:'input2'});
    el.value = "Follow";
    return false;
}
return false;
}

Try this..May be this can help you.

Komal
  • 67
  • 5