0

So i have a page called user.php as test

<?php 
$user = $_GET['userID'];
echo $user;
?>

then i have .js that uses ajax to add a comment on the profile which works but the php that it uses (select and insert) is in a file called profileComments.php

$.ajax({
        url: 'profileComments.php',
        method: 'POST',
        async: false,
        data: {
            display: 1,
            user: userID
        },
        success: function () {
            insertComments();
        }
    });

now i want to edit the select query of that profileComments.php file to only display those with the right userID

<?php
include "db.php";
$user = $_GET['userID'];

if (isset($_POST["display"])) {
  $comments= "SELECT * FROM comments";
  $query= mysqli_query($connection, $comments);

  while ($comments = mysqli_fetch_assoc($query)) { ?>
        <li>
            <?php echo $comments["content"]?>
        </li>
    <?php }
}

But the problem is when I edit it in

"SELECT * FROM comments WHERE userID = $user"

at the top i've written this $user = $_GET['userID']; but it gives me the unidentified error

How can i make this work?

anonymous
  • 1
  • 2
  • 1
    it's not clear to me which script gets included into the other one. And which one is called via ajax. Can you please clarify that in your question? – Jeff Jul 09 '18 at 19:01
  • 1
    You should probably show the code that calls `profileComments.php`. Also, there is no such thing as "an ajax file". AJAX stands for Asynchronous Javascript, and is a technology. – Patrick Q Jul 09 '18 at 19:01
  • 1
    Also read up on SQL Injection and "Little Bobby Tables" – Dave S Jul 09 '18 at 19:03
  • Without knowing your ajax call code, it could be `$_POST['userID'];` ... – IncredibleHat Jul 09 '18 at 19:04
  • I updated the question with the ajax code and the profileComments – anonymous Jul 09 '18 at 19:12
  • also in your success-callback you don't ever use the data which get's sent back from php. might be something like this: `success: function (html) { insertComments(html); }` – Jeff Jul 09 '18 at 19:39
  • I tried to make a function with the get method but i just don't know how to fix this problem, like my URL is like this: /user.php?userid=1 and i don't know how to get the userid – anonymous Jul 09 '18 at 20:08

1 Answers1

1

You're using AJAX to send a POST request, not a GET request (See the method value of your ajax request). Therefore, all of the data in that AJAX request will be read into the $_POST superglobal of PHP.

You also named that key 'user', not 'userID' (see the data value of your ajax request).

Try:

$user = $_POST['user'];
Devon Bessemer
  • 34,461
  • 9
  • 69
  • 95
  • I tried that but i still get the same error, just want to get the user from the URL and i thought $_GET would do that job but i'm new to this and yea still wondering how to make it work – anonymous Jul 09 '18 at 19:27
  • You tried `$_POST['user']`? Because that matches your code. If you want to put it in the URL, then put it in the URL. You could set the AJAX url to `'profileComments.php?userID=' + userID` – Devon Bessemer Jul 09 '18 at 19:29
  • i'm not following? – anonymous Jul 09 '18 at 19:29
  • @anonymous It's very simple: POST data is put in `$_POST`, URL parameters are in `$_GET`. – Barmar Jul 09 '18 at 20:16
  • So on comments I added $user = $_POST["user"] and my Ajax now looks like this $.ajax({ url: 'profileComments.php?userID' + userID, method: 'POST', async: false, data: { display: 1, user: userID }, success: function () { insertComments(); } }); This still results in the same error, so im not sure what I do wrong and I apologize that I'm asking a lot since im new to this – anonymous Jul 09 '18 at 22:15
  • @anonymous what's the exact error? You don't need to do both: Add userID to the URL to access `$_GET['userID']` or include user in the POST data to access `$_POST['user']`. Having userID included twice is redundant. – Devon Bessemer Jul 09 '18 at 22:40
  • Notice: Undefined index: userID in /path/to/directory/comment.php on line 3 and this is after putting $id = $_GET['id'] on the profileComments page and having url: 'profileComments.php?userID=' + userID in the Ajax call – anonymous Jul 09 '18 at 23:37
  • That's a different file than profileComments.php... Are you looking at the response of your ajax request for this error!? – Devon Bessemer Jul 10 '18 at 00:32
  • yes sorry I mistyped the name of the page in my reply here, but yes I'm looking at the response and it keeps giving me the undefined index error – anonymous Jul 10 '18 at 07:44
  • It has been fixed, I tried a workaround that I came up with to fix the issue, thanks for all the help it was a huge help to achieve this – anonymous Jul 10 '18 at 10:15