
My view.php page comes from another page by getting a unique id, which is serial. Now in my view.php page I want to show the data for that specified serial no. from charts.php. I have written my code myself. It is fetching the data, but not for the selected serial no. How can I solve this?

view.php

```php
<?php 
if(isset($_GET['serial'])){
        $serial = $_GET['serial'];
?>
<html>
<div class="container" id="output"></div>
</html>
<script>
    $(document).ready(function(){
        function getData(){
            $.ajax({
                type: 'POST',
                url: 'charts.php',
                success: function(data){
                    $('#output').html(data);
                }
            });
        }
        getData();
        setInterval(function () {
            getData(); 
        }, 1000);  // it will refresh your data every 1 sec

    });
</script>
```

charts.php

```php
<?php 
   $sql = mysqli_query($con,"SELECT * FROM criminal WHERE rand = '$serial'");
    while($row = mysqli_fetch_assoc($sql)){
 ?>
```

Please help.

Mehedi Hasan Siam

2 Answers

  1. First of all, close your first `if` (you forgot `}`).
  2. In ajax, after the url line, send the serial parameter (`data: {serial: "echo with php the variable"},`).
  3. In the charts.php query, get the post value (`$_POST['serial']`).
cacti5
oalexandru

You want to place your $serial variable within your url. This is known as a query string.

```js
$(function() {
    function getData(){
        $.ajax({
            type: 'POST',
            dataType: 'JSON',
            url: 'charts.php?serial=<?= $serial?>', //<-- RIGHT HERE
            success: function(data){
                $('#output').html(data);
            }
        });
    }
})
```

Then you'll GET the data you just sent from ajax. It'll look like your first GET variable. You'll use that variable in your query.

In your php:

```php
<?php 
    $your_variable = $_GET['serial'];
    $variable_to_send = null; // stays null when no row matches
    $sql = mysqli_query($con,"SELECT * FROM criminal WHERE rand = '$your_variable'");
    while($row = mysqli_fetch_assoc($sql)){
        $variable_to_send = $row['serial']; //<--- Whatever your column name is
    }
    echo json_encode($variable_to_send);
 ?>
```

**PDO VERSION**

As suggested by @JayBlanchard, it's highly advisable you do some research on PDO. It is much safer.

I'll give you a PDO example:

```php
$serial = $_GET['serial']; //The variable you're sending over from view.php

$hostname = 'your_hostname';
$username = 'your_username';
$password = 'your_passwd';
$dbname = 'your_db_name';

// The DSN key is the literal word "dbname"; only its value is interpolated
$pdo = new PDO("mysql:host=$hostname;dbname=$dbname", $username, $password); //Create a new PDO object
$stmt = $pdo->prepare("SELECT * FROM criminal WHERE rand = :rand"); //prepare the query for execution
$stmt->bindValue(':rand', $serial); //bind your variable to your query
$stmt->execute(); //Run it
$result = $stmt->fetchColumn(); //Get a single column. No while loop.

echo json_encode($result); //Echo it back to your ajax function
```

I tested this against my own database and it displayed results on my screen with no errors (using my own values of course).

DevOpsSauce
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jul 26 '18 at 11:17
  • Yeah. We gotta remember Bobby Tables. He causes a lot of trouble. I should've written my answer in that context. I just wasn't thinking about it. Thanks for mentioning that. – DevOpsSauce Jul 26 '18 at 12:57
  • Edited answer to add PDO version. – DevOpsSauce Jul 26 '18 at 13:37
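
The comment above recommends prepared statements for MySQLi, which is the API the question already uses. The following charts.php is an added example, not code from any poster on this page; the connection settings are placeholders, the table `criminal` and column `rand` are taken from the question, and the 64-character limit is an assumption.

```php
<?php
// charts.php as an added example: look up rows by the serial sent from view.php.
// Assumptions: connection settings are placeholders; `criminal` and `rand` come
// from the question; the 64-character limit is illustrative.
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
header('Content-Type: application/json; charset=utf-8');

// Accept the value from either answer's transport: POST body or query string.
$serial = $_POST['serial'] ?? $_GET['serial'] ?? null;

// Reject missing, array-valued or oversized input before touching the database.
if (!is_string($serial) || $serial === '' || strlen($serial) > 64) {
    http_response_code(400);
    echo json_encode(['error' => 'missing or invalid serial']);
    exit;
}

try {
    $con = new mysqli('your_hostname', 'your_username', 'your_passwd', 'your_db_name');
    $con->set_charset('utf8mb4');

    // The ? placeholder keeps $serial out of the SQL text; it is sent as data only.
    $stmt = $con->prepare('SELECT * FROM criminal WHERE rand = ?');
    $stmt->bind_param('s', $serial);
    $stmt->execute();
    // get_result() needs the mysqlnd driver, the default in current PHP builds.
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
} catch (mysqli_sql_exception $e) {
    error_log('charts.php: ' . $e->getMessage()); // details go to the log, not the client
    http_response_code(500);
    echo json_encode(['error' => 'database error']);
    exit;
}

if ($rows === []) {
    http_response_code(404);
    echo json_encode(['error' => 'no record for this serial']);
    exit;
}

// JSON_HEX_* encodes <, >, &, ' and " so the payload carries no raw markup.
echo json_encode($rows, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
```

On the view.php side, write the returned fields into the page with `.text()` rather than `.html()`, so database content is displayed as text and not parsed as markup.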