0

I have asked this question before, but I couldn't understand the answer, maybe because it didn't work for me.

I have developed a chat application. Once a user submits using keyup, it works well, i.e. the message is inserted into the database, selected just fine, and even displayed. The page being refreshed by JavaScript is load.php, which has PHP code doing the selection like this:

SELECT * FROM chat WHERE sender_id=$_SESSION['id']

This is working just fine. But when I change it to

SELECT * FROM chat WHERE sender_id=$_SESSION['id'] AND receipent_id=$_GET['id']

it is not working, simply because the $_GET['id'] of a selected member on the home page is not being passed to load.php, which is being refreshed by JavaScript every ..... milliseconds so that online messages of the session id and the selected member show in the message display. I refresh load.php using this code on the home page:

function refresh(){ 
    setTimeout (function(){ 
        $('#message').load('load.php'); 
        refresh(); 
    }, 2000);
} 

This is working just fine.

Now this load.php must select for me messages only for the member selected on the home page. So how can I have this member's id passed on to load.php when selecting from the database?

I will be so grateful for your help, programmers.

AdityaParab
MKO

3 Answers

1

You need to add the GET variable in your code:

function refresh(id){ // receive id
    setTimeout(function(){
        $('#message').load('load.php?id=' + encodeURIComponent(id)); // add id variable to the URL
        refresh(id); // pass id along so later refreshes keep it
    }, 2000);
}
Manikiran
1

Well, you need to pass the GET value on the query string. Currently you're requesting this:

load('load.php')

If you want an id value, add one:

load('load.php?id=' + someValue)

If you need to get that value from the current query string in JavaScript, there are a number of ways to do that. Though, when you initially load the page, if the value is available then it would be trivial to output it to the page from PHP code in the first place. Something like this:

var someValue = <?php echo $someValue; ?>;

Keep in mind a few things here:

  • If the value is a string then you need to specify quotes in the JavaScript, not in the PHP.
  • Don't blindly echo user-submitted values to the page, that's a security vulnerability.
  • Users can change this value in your load() call. So your approach may make it trivial for users to "impersonate" other users in your application. Make sure you always validate authorization server-side.
  • Your example SQL queries look like glaring SQL injection vulnerabilities. You're probably going to want to read up on validating user input and using prepared statements.
Community
David
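A server-side sketch of the points in the answer above, added here as an example and not code from the question or from any of the answers: load.php takes the sender only from the session, validates the id from the query string, and binds both values through a PDO prepared statement. The `chat` table and the `sender_id` / `receipent_id` columns are from the question; the `message` column, integer ids, the in-memory SQLite database, the `loadMessages` helper and the sample rows are assumptions made so that it runs on its own.

```php
<?php
// Added example: hardened form of the load.php query from the question.
// Assumptions: PDO with the SQLite driver, a `message` column, positive integer ids.
function loadMessages(PDO $db, array $session, array $get): array
{
    // The sender always comes from the server-side session, never from the request.
    if (!isset($session['id'])) {
        throw new RuntimeException('not logged in');
    }
    // The recipient id arrives in the query string, so validate it before use.
    $recipient = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($recipient === false) {
        throw new InvalidArgumentException('invalid recipient id');
    }
    // Placeholders keep both values out of the SQL text.
    $stmt = $db->prepare(
        'SELECT message FROM chat WHERE sender_id = :sender AND receipent_id = :recipient'
    );
    $stmt->execute([':sender' => (int) $session['id'], ':recipient' => $recipient]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE chat (sender_id INTEGER, receipent_id INTEGER, message TEXT)');
$db->exec("INSERT INTO chat VALUES (1, 2, 'hi from 1 to 2'), (1, 3, 'hi from 1 to 3'), (2, 1, 'hi from 2 to 1')");

$session = ['id' => 1];                            // stands in for $_SESSION
foreach (['2', '2 OR 1=1', '<script>'] as $id) {   // constructed stand-ins for $_GET['id']
    try {
        foreach (loadMessages($db, $session, ['id' => $id]) as $message) {
            // Message text is user-supplied, so escape it on output.
            echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8'), "\n";
        }
    } catch (InvalidArgumentException $e) {
        echo 'rejected id: ', htmlspecialchars($id, ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```

Because the sender is fixed by the session, a user who edits the id in the load() URL can only switch between conversations they sent themselves.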
1

If you want to pass the $_GET['id'] value, try adding this value in your function:

function refresh(){
    setTimeout(function(){
        // rawurlencode() keeps the echoed value from breaking out of the JavaScript string or the URL
        $('#message').load('load.php?id=<?php echo rawurlencode($_GET['id']); ?>');
        refresh();
    }, 2000);
}

Then load.php will have the GET value.

Standej
  • 749
  • Thanks a lot. This has been one of the best answers. I really appreciate it. It has worked for me perfectly as I wanted. – MKO Nov 28 '15 at 13:51