4

I need to load a file inside a container, but using an argument - to get some data from database firstly: 

$('#story').load('test.php');

test.php 

$st = $db->query("select * from users where id = " . $id);  

... processing variables... load the finished content

Here I need $id from client side. Is it possible?

qadenza
  • 9,025
  • 18
  • 73
  • 126
  • Possible duplicate of [GET URL parameter in PHP](https://stackoverflow.com/questions/5884807/get-url-parameter-in-php) – Kaddath Feb 21 '19 at 08:16
  • note that you should be very cautious not injecting directly the variable in your SQL string. [bobby tables](http://bobby-tables.com/) -> you should use prepared statements, and maybe do some checks first – Kaddath Feb 21 '19 at 08:18
  • @Kaddath sql injection on `select` statement? – qadenza Feb 21 '19 at 08:19
  • yes, that can be used to get informations about other tables of your DB, using join and such, good habit to take anyway – Kaddath Feb 21 '19 at 08:23
  • @Kaddath, thanks, I believed select statement is safe – qadenza Feb 21 '19 at 08:25

3 Answers3

5

yes ..you could pass with url query

$('#story').load('test.php?id=1');

test.php

$id = isset($_REQUEST['id'])?$_REQUEST['id']):'';
$st = $db->query("select * from users where id = " . $id);
prasanth
  • 22,145
  • 4
  • 29
  • 53
  • 1
    You can use null coalesce operator instead ternery operator as $id = $_REQUEST['id] ?? ''; – Rohit Ghotkar Feb 21 '19 at 08:19
  • 1
    @RohitGhotkar you are right.But its only supported on php 7 and above.Not with lower version https://stackoverflow.com/questions/34571330/php-ternary-operator-vs-null-coalescing-operator – prasanth Feb 21 '19 at 08:21
0

You can use ajax request and on success you load your file something like:

                    $.ajax({
                        type: 'POST',
                        url: "test.php", //make sure you put the right path there
                        data: {id: id},
                        dataType: "json",
                        success: function (resultData) {
                            $('#story').load('test.php');
                        }
                    })

Just make sure that your php function returns/echos the id you want.

That way you make a call to your php file and when it's successful you will load your file and you can put extra logic there if you want to return more data to use it of course.

resultData holds the output of your php function so it's up to you what info you want to be there.

pr1nc3
  • 8,108
  • 3
  • 23
  • 36
0

You could use Ajax to post the ID to your php code.

$.ajax({
type: "POST",
url: "test.php",
data: { 'id': foo },
cache: false,
success: function(){
   alert("Order Submitted");
  }
});

php:

<?php
$id = $_POST['id'];
Amal US
  • 21
  • 3
Alex Thunder
  • 1