
I am trying to execute a simple 'get' form within an iframe like so:

```html
<iframe width = 60% height= 100% id="dynamic-content" src="imageViewing.php" />
```

This is the imageViewing.php:

```php
<html>
<meta http-equiv="refresh" content="8">
<?php
//*database connection settings*
$query = "SELECT team_name,id,content FROM upload WHERE display='1'";
$result = mysql_query($query) or die('Error, query failed'.mysql_error());
while ($row = mysql_fetch_assoc($result))
{
 $id = $row['id'];
 echo $row['id']. '<img width="200" height = "200" src="data:image/png;base64,' . base64_encode($row['content']) . ' " />'. $row['team_name']."<form method='get' action='imgApproved.php?id='$id'><input type='submit' value='Approve'/></form><br>";
}
exit;
mysql_close();
?>
</html>
```

Clicking the button runs the imgApprove.php, which changes the 'display' parameter for the specific image, so that it doesn't display the next time the iframe refreshes.

```php
<?php
if (isset($_GET['id']))
{
 $id = $_GET['id'];
 //*Connect to database stuff*
 $query = "UPDATE upload SET display='0' WHERE id='$id'";
 $result = mysql_query($query) or die('Error, query failed'.mysql_error());
 header("location:imageViewing.php");
}
?>
```

However, when I click on Approve, the iframe stops refreshing and no longer displays anything. However, if I refresh the page all the images are still displayed (so I assume imgApprove.php hasn't changed the value of display). Am I missing something simple here?

EDIT: I have been doing some further testing and as it turns out, `if (isset($_GET['id']))` is returning false and not even running the code, so the problem must be in the passing of the `$id` variable.

Oliver
  • First thing, you should avoid mysql_* functions since they are deprecated and marked for removal. Consider using Mysqli or, even better, PHP Data Objects (PDO). The way your code is presented is vulnerable to SQL injection attacks. – al'ein Aug 17 '15 at 14:20
  • I am using a web hosting site, which supports PHP5.3 and nothing newer. In what way is my code vulnerable (I don't fully understand SQL security just yet) – Oliver Aug 17 '15 at 14:22
  • Mysqli was implemented in version 5.3.0 by the way. Read about it here: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – al'ein Aug 17 '15 at 14:26
  • Also, your code is a bit confusing. Once you click Approve, what should happen? You're fetching "display" values from "upload" table given ID argument, storing it inside an array `$row` and changing its `display` field value to 0, then redirecting the page back to previous page. What is it that you want to happen? – al'ein Aug 17 '15 at 14:32
  • Once I click 'Approve' -> imgApprove.php should run and change the 'display' on the current image (find this with id) and return to the previous page. I now see what the problem is - rather than changing the actual value of the 'display' within the table I am only locally assigning something to $row['display'] – Oliver Aug 17 '15 at 14:57
  • I have edited the OP and fixed what you were referring to; however, it still has the same effect -> once clicked the iframe simply stops working. (I will get rid of the deprecated mysql tomorrow as well) – Oliver Aug 17 '15 at 15:04
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/87180/discussion-between-aedix-rhinedale-and-oliver). – al'ein Aug 17 '15 at 15:37

1 Answer


I believe the issue was caused by an unclosed iframe. I needed to add `</iframe>` after the `<iframe>` declaration. Anything in between the two is the text displayed if the iframe fails to load.

Oliver
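
On the SQL injection point raised in the comments under the question: the following is an added example, not code from the question or the answer, that contrasts the question's string-built `UPDATE` with a bound parameter. It assumes PDO with an in-memory SQLite table standing in for the MySQL `upload` table; the function names and the sample request value are constructed for the illustration.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for the MySQL
// `upload` table. Uses array() so it also runs on PHP 5.3.
function make_db() {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE upload (id INTEGER PRIMARY KEY, team_name TEXT, display TEXT)");
    $ins = $db->prepare("INSERT INTO upload (team_name, display) VALUES (?, '1')");
    foreach (array('red', 'blue', 'green') as $team) {   // constructed rows, ids 1..3
        $ins->execute(array($team));
    }
    return $db;
}

function count_displayed($db) {
    return (int) $db->query("SELECT COUNT(*) FROM upload WHERE display='1'")->fetchColumn();
}

// Same construction as imgApprove.php in the question: $id becomes part of the SQL text.
function approve_concatenated($db, $id) {
    return $db->exec("UPDATE upload SET display='0' WHERE id='$id'");
}

// Hardened: accept only digits, then bind the value so it is never parsed as SQL.
function approve_prepared($db, $id) {
    if (!is_string($id) || !ctype_digit($id)) {
        return false;                       // not an id: no query is run
    }
    $stmt = $db->prepare("UPDATE upload SET display='0' WHERE id = :id");
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed request value: its quote closes the string literal in the built query.
$crafted = "1' OR '1'='1";

$db = make_db();
approve_concatenated($db, $crafted);
echo "concatenated, crafted id: ", count_displayed($db), " of 3 still displayed\n";

$db = make_db();
approve_prepared($db, $crafted);
echo "prepared, crafted id:     ", count_displayed($db), " of 3 still displayed\n";

approve_prepared($db, '2');
echo "prepared, id 2:           ", count_displayed($db), " of 3 still displayed\n";
```

With the constructed value, the concatenated query hides every row, while the prepared version changes nothing until it is given a plain numeric id.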