
I need help please.

I have 2 files:

  1. ajax.php
  2. shows.php

and I have a table in my database called shows. In the shows table I have a column - img_credit. I am trying to UPDATE this field.

I insert a value into the input field, and when I click the update button I want the query to run and UPDATE my database.

I tried:

$(document).ready(function(){
    $(".update_credit").click(function(){   
<?php 
    $val_update = $show['img_credits'];

    $link->query("UPDATE `shows` SET `img_credits` = '$val_update ' WHERE `id` = show['id'] "); 
?> 

If I do this I get an error, but if I change it to:

$link->query("UPDATE `shows` SET `img_credits` = 'test' WHERE `id` = 421 ");

it works, but it does not help me.

I checked, and the value shows['img_credit'] is not empty.

Thanks

RiggsFolly
liran

1 Answer


From the code you've provided, it seems that you're mixing up the client-side logic (JavaScript/jQuery) with the server-side logic (PHP).

When you have mixed up client-side and server-side logic in the same file, the server-side code (PHP) will execute first, and only afterwards the client-side code (JavaScript). Also, in the above code, it doesn't matter if you include PHP code in a JavaScript function: the PHP code will execute regardless of where it is located in a JavaScript structure. That's why it is good practice to avoid mixing them up in the same file.

I would recommend using a basic API structure like this:

let body = "foo"; //param to be sent to server side
let request = $.ajax({
    type: "POST",
    url: "ajax.php",
    data: body
});
request.done(function (response) {
    console.log(response);
});
request.fail(function (jqXHR, data) {
    console.log("API error", data, jqXHR);
});

And then in your ajax.php file you would have the backend logic to do database operations like this:

<?php 
$val_update = $show['img_credits'];

$link->query("UPDATE `shows` 
              SET `img_credits` = '$val_update' 
              WHERE `id` = ".$show['id']); 

Don't forget to use proper means of protecting against SQL injection, like prepared statements etc.

Dan D.
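
A prepared-statement version of the `ajax.php` update discussed in the answer above, added here as an example and not part of the original answer; it reads the values from the POST body instead of `$show`. The POST field names `id` and `img_credits`, the 255-character limit and the connection credentials are assumptions.

```php
<?php
// ajax.php: added example, not the code from the answer above.
// Assumed: POST field names "id" and "img_credits", placeholder credentials.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
header('Content-Type: application/json');

function fail(int $status, string $message): void
{
    http_response_code($status);
    echo json_encode(['ok' => false, 'error' => $message]);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    fail(405, 'POST required');
}

// The id must be a positive integer; anything else is rejected before SQL runs.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
                   ['options' => ['min_range' => 1]]);
$credit = $_POST['img_credits'] ?? null;
// 255 is an assumed column size; match it to the real img_credits column.
if ($id === false || $id === null || !is_string($credit) || strlen($credit) > 255) {
    fail(400, 'invalid id or img_credits');
}

try {
    $link = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // placeholders
    $link->set_charset('utf8mb4');

    // Values travel separately from the SQL text, so quotes in $credit
    // (e.g. "O'Brien Photo") are stored as data and cannot alter the query.
    $stmt = $link->prepare('UPDATE `shows` SET `img_credits` = ? WHERE `id` = ?');
    $stmt->bind_param('si', $credit, $id);
    $stmt->execute();

    echo json_encode(['ok' => true, 'updated' => $stmt->affected_rows]);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());       // details go to the server log only
    fail(500, 'database error');
}
```

On the client, the `$.ajax` call would send `data: { id: ..., img_credits: ... }` so both fields arrive in `$_POST`. Authentication and CSRF protection for this endpoint are not covered here and would sit before the validation step.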