-1

I'm trying to update an SQL table when an iframe is loaded.

I looked into using JS's onload() but this would pose a security risk.

Here is the sql:

<?php mysql_query("UPDATE ".MYSQLTABLE." SET hitter=hitter+".$hit." WHERE user='".$suid."'") or die(mysql_error()); ?>

How would I go about this without it causing a security risk?

HaveNoDisplayName
  • 1
    Please, [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://jayblanchard.net/demystifying_php_pdo.html). The *only* way you'll know the iframe is loaded is a client-side event which will need to trigger a server-side event (AJAX). You can make this secure but since you've not shown us the code we cannot help. – Jay Blanchard Apr 20 '15 at 12:00
  • You didn't post any details, and your question is unclear. Your topic is asking how to update SQL table on iframe load, but the text says how to correct your query to be without security risk. First thing I don't get is why you use deprecated `mysql_query` instead of `mysqli_query`. I don't know if you are, or aren't, escaping your variables correctly too. – Eda190 Apr 20 '15 at 12:00

2 Answers

0

Put the SQL in a PHP file and use:

<script type="text/javascript">
document.getElementById('ifrm').onload = function() {
    $.ajax({
        url: 'sql.php',
        type: 'post',
        success: function(data, status) {
            // worked
        },
        error: function(xhr, desc, err) {
            //error
        }
    });
}
</script>
Aryeh Armon
0

If you are trying to update the count on the iframe load, then you can use the onload property of the iframe tag. The update itself can be done with an AJAX call or with the Html HttpRequest.

This can be done as shown below.

<iframe id="ifrme" src="demo.html" onload="doSomething()"></iframe>

And now the ajax call to invoke the php script.

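<script type="text/javascript">
// Defined at global scope: the iframe's inline onload="doSomething()" looks the
// function up on window, so it must not be hidden inside $(document).ready().
function doSomething() {
    $.ajax({
        url: 'your_update_url.php?uid=123',
        type: 'GET',
        dataType: 'json',
        success: function (data) {
            // update succeeded; data is the parsed JSON response
        },
        // jQuery's failure callback is named "error", not "failed"
        error: function (xhr, status, err) {
            // request failed
        }
    });
}
</script>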

This way you can invoke the script. For more info, please look up AJAX calls using PHP.

  • Thank you for your help, but the problem is the security issue. The problem here is the user can just view the source and call the php file with their uid. Sorry my question wasn't really clear. – stickmanohstickman Apr 20 '15 at 19:04
  • Instead of passing the user_id as url, try to pass it through the session, and inside the file you can verify whether the access is authenticated or not – Mukesh Mohan Apr 21 '15 at 05:53
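
The session-based approach suggested in the last comment, combined with the prepared-statement advice from the first, written out as an added example (it is not code from any of the posters). The session keys `suid`, `csrf` and `last_hit`, the `X-CSRF-Token` header, the 10-second throttle, the fixed increment of 1, and the database name and credentials are assumptions; `MYSQLTABLE`, `hitter` and `user` come from the question.

```php
<?php
// sql.php -- added example; session keys, DSN and credentials are assumptions.
session_start();
const MYSQLTABLE = 'example_table'; // constructed value; the question defines this elsewhere

header('Content-Type: application/json');

// Only accept state-changing requests via POST.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit(json_encode(['error' => 'POST required']));
}

// The user is identified by the server-side session, never by a request parameter,
// so editing a uid in the URL or request body has no effect.
if (empty($_SESSION['suid'])) {
    http_response_code(401);
    exit(json_encode(['error' => 'not logged in']));
}

// CSRF token issued when the page embedding the iframe was rendered (assumed session key).
$sent = $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
if (empty($_SESSION['csrf']) || !hash_equals($_SESSION['csrf'], $sent)) {
    http_response_code(403);
    exit(json_encode(['error' => 'bad token']));
}

// Throttle: at most one counted hit per session every 10 seconds (assumed policy).
$now = time();
if ($now - ($_SESSION['last_hit'] ?? 0) < 10) {
    http_response_code(429);
    exit(json_encode(['error' => 'too soon']));
}
$_SESSION['last_hit'] = $now;

$pdo = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4', 'EXAMPLE_USER', 'EXAMPLE_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// The increment is fixed server-side and the user value is bound, not concatenated.
$stmt = $pdo->prepare('UPDATE `' . MYSQLTABLE . '` SET hitter = hitter + 1 WHERE user = :user');
$stmt->execute([':user' => $_SESSION['suid']]);

echo json_encode(['updated' => $stmt->rowCount()]);
```

The client-side call then sends no uid at all, only the token header. A logged-in user can still replay the request for their own account, which is what the throttle bounds.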