-2
$data_sql = "SELECT * FROM teachers_table LIMIT {$limit} OFFSET {$offset}";

Returns the following error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'limit OFFSET offset' at line 1

I have earlier created two variables in ajax:

$.ajax({
             type: "GET",
                url: "mini_profiles.php",
                data: {
                    'offset':0,
                    'limit':9
                      },
                success:function(data){
                    $('body').append(data);
                    flag += 9;
                }

and then I assign then to string values which I tried to call in the SQL code:

 $limit = 'limit';
 $offset = 'offset';

Does what I've done to create the variables and assign them into the statement seem accurate? I realise I'm getting an error so there's obviously an issue somewhere, but just not sure what part of my code is causing the problem.

Many thanks for reading this.

Update to the original post to include complete ajax function:

<script type="text/javascript">

 <!--make the ajax call when page loads-->
$(document).ready(function()
{
     var flag = 0;

     <!--pass the two parameters, offset and limit-->   
     $.ajax({

            type: "GET",
            url: "mini_profiles.php",
            data: {
                'offset':0,
                'limit':9
                  },
            success:function(data){
                $('body').append(data);
                flag += 9;
            }

            });
            //Every time when we scroll we check the current value of scrollbar 
            //and if it has reached the bottom of the page
            $(window).scroll(function(){
                if($(window).scrollTop()>= $(document).height() - $(window).height()){
            //this is what happens at the bottom - same ajax function but we now want to offset by+=3 everytime
            //so above we create a variable and increase by three whenver the ajax call is successful       

                     $.ajax({

                    type: "GET",
                    url: "mini_profiles.php", //this is the ajax function calling the get_data.php
                    data: {
                        'offset':flag,
                        'limit':9
                          },
                    success:function(data){
                        $('body').append(data);
                        flag += 9;
                    }

                    });


                }
            });
});

</script>
Adam
  • 3
  • 4
  • 6
    $limit and $offset should be integers, should they not? – Progrock Jun 07 '18 at 08:54
  • 4
    Why do you assign strings to those variables? – Twinfriends Jun 07 '18 at 08:55
  • $limit and $offset will be values of 9 and 0 always. I guess I don't really need the offset value as I will always want to return results from the beginning of what's in the table. Limit value will also always be 9. I was trying to adapt a tutorial where this was carried out as part of a section of code which brought more values from the database(as defined by limit(9)) when the bottom of the page was reached. For this post I only displayed some of the code, but I'll edit the original question showing more code. Thanks – Adam Jun 08 '18 at 16:26
  • Sorry - I'm talking rubbish. Offset will need to increment by factors of 9, so at first the first 9 items from the table will be displayed, and then the next 9 (10-18) will be pulled from the database then 19-28 etc... – Adam Jun 08 '18 at 16:37

1 Answers1

3

You need to get the values you pass from your AJAX call into the variables so 

$limit = $_GET['limit']; 
$offset = $_GET['offset'];

$data_sql = "SELECT * FROM teachers_table LIMIT {$limit} OFFSET {$offset}";

Although this is prone to SQL Injection Attack Even if you are escaping inputs, its not safe! Use prepared parameterized statements in either the MYSQLI_ or PDO API's

You dont say which API you are using so I cannot be much more help with showing you how to use parameterised and bound queries.

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
  • Thanks. No doubt a backwards way of going forward but I feel once I get it to work, I will then edit my statements to protect against SQL Injection Attacks for MYSQLI. – Adam Jun 08 '18 at 16:35
  • @Adam If the answer solved the question, it should be marked as solved by ticking the checkmark till it turns green. – Funk Forty Niner Nov 22 '18 at 15:20