open new page with fetched data from database

Question

I am trying to open a new page that contains data from a database and I did this:

This is were I want to display my data

    <table id="produse">
    <thead>
        <tr>
            <th class="fluid">First Column</th>
            <th class="fixed">Fixed Column</th>
            <th class="fluid">Third Column</th>
        </tr>
    </thead>
    <tbody>
        <tr></tr>
    </tbody>
</table>

Entire JavaScript file to make an ideea of what I am trying to do:

$(function(){

    //arata categoriile

$('.menu').on('click', function(){
    $('#box').toggle('slide').show();
     $.ajax({
         url:'fetchsubmenu.php',
         data : {nume : $(this).attr('data-value')},
         dataType : 'json',
         success:function(data){
         console.log(data);// process your response 
         showObjects(data);
        }
    });
});


    function showObjects(obiecte){

    $('#box tbody').html('');
        for(var i=0; i<obiecte.length; i++){               //Functia care arata obiectele
            var aparat = obiecte[i];
            $('#box tbody').append(getRow(aparat));
        }
}

function getRow(aparat){


    var row = '<tr>'+
        '<td>' + '<a class="linkin" data-value='+aparat.id+' href="produs.html" >'+aparat.nume+'</a>' + '</td>'+ 
        '</tr>';

        return row;
}

// arata produsele dupa click pe linkul de categorie

    $(document).on('click', '.linkin', function(){
     $.ajax({
        url:'foodstore.php',
        dataType:'JSON',
        data : {id : $(this).attr('data-value')},
        success: function(data){
             console.log(data);// process your response 
         var rows = '';
         $.each(data,function(aparat){
              rows+= '<td>'+'<div id="prod">'+
         '<div>'+ '<img src='+aparat.imagine+' width="150" height="80" />' +'</div>'+
         '<div>'+ aparat.nume + '</div>' +                                                   //functia care le aranjeaza
         '<div>'+ aparat.pret +'&nbsplei' + '</div>'+
         '<div>'+'<button type = "button" id = "comanda">'+'Comanda'+'</button>'+'</div>'
         + '</div>'+'</td>';
         });
         $('#produse').html(rows);
        }
        });
    });

});

and the php File:

  $conn=mysql_connect('localhost','root','');
    mysql_select_db('alinDataBase');

    $idcat = $_GET['id'];
    $query =  "SELECT * FROM electrocasnice WHERE subcat = '$idcat' ";
    $result = mysql_query($query,$conn);
    $output='';

    while($row = mysql_fetch_array($result)){
        $output=array(
        "nume" => $row["nume"],
        "pret" => $row["pret"],
        "imagine" => $row["imaginepath"]
        );
        $records[] = $output;
    }
    echo json_encode($records);
    mysql_close($conn);

So I what I want to do is once I click on the link, I want to open the page with the data from my DataBase , but the page is blank (excepting the table thead).I know the code is a bit messy(I am a novice) thanks.

[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! ***SQL Injection!*** *It's not just for breakfast any more!* — Jay Blanchard, Nov 03 '16 at 18:32
***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Nov 03 '16 at 18:33
I know about the security problems , but i wish i make it run first and then take care of security problems — alin dradici, Nov 03 '16 at 18:50
I hate when people say *"I'm not that far along..."* or *"This site will not be public..."* or *"It's only for school, so security doesn't matter..."*. If teachers and professors are not talking about security from day one, they're doing it wrong. Challenge them. They're teaching sloppy and dangerous coding practices which students will have to unlearn later. I also hate it when folks say, *"I'll add security later..."* or *"Security isn't important now..."* or *"Ignore the security risk..."*. If you don't have time to do it right the first time, when will you find the time to add it later? — Jay Blanchard, Nov 03 '16 at 18:57
Add error reporting to the top of your file(s) right after your opening ` — Jay Blanchard, Nov 03 '16 at 18:58

score 0 · Answer 1 · answered Nov 04 '16 at 09:56

0

You are sending:

data : {nume : $(this).attr('data-value')}

but you read:

$idcat = $_GET['id'];

answered Nov 04 '16 at 09:56

matei.nick

161
1
5

score -1 · Answer 2 · answered Nov 03 '16 at 18:32

Without testing it, I could tell that you need to wrap this piece of code:

 $.each(data,function(aparat){
              rows+= '<td>'+'<div id="prod">'+
         '<div>'+ '<img src='+aparat.imagine+' width="150" height="80" />' +'</div>'+
         '<div>'+ aparat.nume + '</div>' +                                                   //functia care le aranjeaza
         '<div>'+ aparat.pret +'&nbsplei' + '</div>'+
         '<div>'+'<button type = "button" id = "comanda">'+'Comanda'+'</button>'+'</div>'
         + '</div>'+'</td>';
         });

into a tr tag

 $.each(data,function(aparat){
              rows+= '<tr><td>'+'<div id="prod">'+
         '<div>'+ '<img src='+aparat.imagine+' width="150" height="80" />' +'</div>'+
         '<div>'+ aparat.nume + '</div>' +                                                   //functia care le aranjeaza
         '<div>'+ aparat.pret +'&nbsplei' + '</div>'+
         '<div>'+'<button type = "button" id = "comanda">'+'Comanda'+'</button>'+'</div>'
         + '</div>'+'</td></tr>';
         });

Also, I would use $('#produse tbody').html(rows); instead of $('#produse').html(rows);

score -1 · Answer 3 · answered Nov 03 '16 at 18:35

So far I was able to point out small variable declaration error here

$conn=mysql_connect('localhost','root','');
mysql_select_db('alinDataBase');

$idcat = $_GET['id'];
$query =  "SELECT * FROM electrocasnice WHERE subcat = '$idcat' ";
$result = mysql_query($query,$conn);
$output='';
$records = []; //define it globally.

while($row = mysql_fetch_array($result)){
    $output=array(
    "nume" => $row["nume"],
    "pret" => $row["pret"],
    "imagine" => $row["imaginepath"]
    );
    array_push($records, $output); //Push each objects into array
}
echo json_encode($records);
mysql_close($conn);

I'm not sure if you're getting data or not. Else try this and let me know if this worked or not.

I just said @alin not to you. – imrealashu Nov 04 '16 at 00:18 — imrealashu, Nov 04 '16 at 00:18

open new page with fetched data from database

3 Answers3