PHP/AJAX - Like button, need some help on the PHP part

Question

I'm trying to create this like button which goes +1 after clicking on it. You can only click the like once (like is bonded to the account with what u logged in, so a user can not 15x like the same post.)

In my HTML I have this button

<a class="like" id="<?php echo $rows['id']; ?>" href="index.php?id=.$rows['ID']">like</a>

As my AJAX/JQuery I have these

$('a.like').on('click',function () {

    var id = $(this).attr('id');


    $.ajax({
        url:"ajax/post_like.php",
        method: "POST",
        data: ({ id: id }), // first id is the name, second is the actual id variable we just created
        beforeSend: function(data) {
            // you can do stuff in here before you send the data, display spinner gif etc
            alert('sending the like');
        },
        success: function(data) {
            // same here but when the ajax request is successful
            // the data variable is coming from the echo of your PHP script
            alert(data);
        },
        complete: function(data) {
            // yet again but on completion
            alert('completed the like');
        }

    });

    // stops the browser following the link (href) in the a tag
    return false;

});

 

Now here is the part where I am struggling, mainly the PHP handling. We have created a load more button which loads more posts which works well. The code is as follows. How can I know work out the like part in the same way as the load more button?

<?php
include_once("../classes/db.class.php");
session_start();
$userid = $_SESSION['userid'];
$output = "";
$limit = $_POST['limit'];
if(isset($limit)){
    if($limit != ""){
        $conn = db::getInstance();
        $query ="SELECT posts.id, posts.post_title, posts.picture ,posts.description, posts.location, posts.post_date
                  FROM posts
                  INNER JOIN friends 
                  ON posts.user_id = friends.user1_id OR posts.user_id = friends.user2_id
                  WHERE friends.user1_id='$userid' OR friends.user2_id='$userid'
                  ORDER BY posts.post_date DESC
                  LIMIT $limit";
        $result = $conn->prepare($query);
        $result->execute();

        while($row = $result->fetch()) {

            $output.=' <div class="post">';
            $output .='<div class="post_desc"><p>'. $row['post_title'].'</p></div>';
            $output .='<div class="post__picture"><img src="'. $row['picture'].'" alt=""></div>';
            $output .='<div class="post_desc"><p>'. $row['description'].'</p></div>';
            $output .=' <div class="post_date">'. $row['post_date'].'</div>';
            $output .='</div>';


        };
        echo $output;
    }
}
else{

}

?>

Our database is as follows.

Answer 1

Assuming you can set the id column freely, and the userid and postid sections are alphanumerical, you can require the id column to be unique. The following will then always work:

include_once("../classes/db.class.php");
$conn = db::getInstance();

$userid = $_SESSION['userid'];
$postid = $_POST['id'];
$id = "$userid/$postid";

$query = "INSERT INTO likes (id, user_id, post_id) VALUES ('$id', '$userid', '$postid')";
if ($conn->query($sql) === TRUE) {
    echo json_encode({postid: postid});
} else {
    // There was a small problem processing the like
    // You might want to add a check in your success function just to be sure
    header('HTTP/1.1 500 Internal Server Error');
}

However, be sure to add a few tests to prevent SQL injections (e.g. by ensuring $postid consists only of integers). If no such guarantee can be made, you should check out this thread. Otherwise (e.g. if id is generated using AUTO_INCREMENT), you'd have to add a test which tries to retrieve ($userid, $postid) to check if it doesn't exist already:

if (conn->query("SELECT 1 FROM likes WHERE userid=$userid AND postid=$postid")->num_rows == 0) {
    // Place the code starting from `$id = ` in here.
};