Ajax call not incrementing hit counter in mysql database

Question

Code on the index page where a list of videos is loaded from database:

<?php
   ini_set('display_errors', 1);
   mysqli_set_charset($link, 'utf8mb4');
   $query="SELECT * FROM videos";
   $result=mysqli_query($link,$query) or die (mysqli_error($link));

   while($row=mysqli_fetch_assoc($result))
        {
          echo '<div class=\"3u 12u(medium)\">';
          echo '<section class=\"box feature\">';
          echo '<p id="video_' . $row['v_id'] . '" class="videos">'.$row['v_url'].'</p>';
          echo '<p>'.$row['v_title'].'</p>';
          echo '<p>'.$row['v_date'].'</p>';
          echo '<p>'.$row['v_hits'].'</p>';
          echo '</section></div>';
        }
?>

<script>
    $(".videos").click(function(){
    id = this.id;
    video_id = id.substring(id.lastIndexOf('_')+1,id.length);

    //ajax call
    $.ajax({
    type: "GET",
    url: "update_video_counter.php",
    data: 'video_id=' + video_id,
    cache: false,
    success: function (html) {
    }
    });
    });

</script>

And then the update_video_counter.php page:

<?php

  $id = $_GET["video_id"];
  ini_set('display_errors', 1);
  mysqli_set_charset($link, 'utf8mb4');
  $query="UPDATE videos SET v_hits = v_hits + 1 WHERE v_id = $id";

?>

Now I'm not very experienced with Ajax/JQuery, but it looks good to me. It's not incrementing whatsoever though, but if I try to manually query in the database to check if the used query is correct, it's working just fine.

so you mean the GUI is not updating but the db is fine right ? — Drew, Aug 12 '15 at 12:27
You dont execute the query... You also are open to SQL injections. `$link` is established earlier in the update_video_counter.php? — chris85, Aug 12 '15 at 12:28

score 0 · Answer 1 · edited May 23 '17 at 11:51

0

I think all you need to do is execute the query. You also should use prepared statements or cast integer values to ints so you don't get injected.

$id = (int)$_GET["video_id"];
ini_set('display_errors', 1);
mysqli_set_charset($link, 'utf8mb4');
$query="UPDATE videos SET v_hits = v_hits + 1 WHERE v_id = $id";
mysqli_query($query);

Additional information on SQL injections:

How can I prevent SQL injection in PHP?
http://php.net/manual/en/security.database.sql-injection.php
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29

edited May 23 '17 at 11:51

Community

1
1

answered Aug 12 '15 at 12:39

chris85

23,846
7
34
51

Hey I tried this, adding the execution, but v_hits is still not being incremented. – Michael Aug 12 '15 at 15:34
What does the request show in the network tab of the developer console? Does the request complete? Is `video_id` transfered? – chris85 Aug 12 '15 at 15:37
That looks like all youtube requests? – chris85 Aug 12 '15 at 15:41
Well it's all that's being shown while/after I click on them. Any ideas? – Michael Aug 12 '15 at 15:42
Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/86807/discussion-between-michael-and-chris85). – Michael Aug 12 '15 at 15:47
@Michael did you see the last message in chat and/or did it work for you? – chris85 Aug 12 '15 at 20:40
No it didn't, not even in a live environment. – Michael Aug 13 '15 at 17:08
Ye same, sorry for the slow reply I have been quite sick. – Michael Aug 17 '15 at 19:08
Is the script still on that linked page and the same as what you are testing on? – chris85 Aug 17 '15 at 20:39

Ajax call not incrementing hit counter in mysql database

1 Answers1