
So I have a list of people with their city name and contact numbers in a MySQL database, which is displayed on my website. I want to know which person was contacted by a visitor. Here is a snippet of my code:

```php
<?php
$city = $_POST['city'];
$sql = "SELECT * FROM users WHERE city = '$city'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
    while ($row = mysqli_fetch_assoc($result)) {
        $id = $row['id'];
?>
<tr>
  <td class="pl-4"><?php echo "<h3>" .$row['fname']. " " .$row['lname']. "</h3>"; ?>
    <a href="tel: +91<?php echo "" .$row['phnumber']. "" ?>"><BUTTON onClick="contactclick();" class="track btn btn-outline-info p-2"><span class="icon-phone"></span> Contact</BUTTON></a>
  </td>
<script>
function contactclick() {
  <?php
  $sql7 = "SELECT * FROM users WHERE id = '$id' LIMIT 1";
  $result7 = mysqli_query($conn, $sql7);
  $row7 = mysqli_fetch_assoc($result7);
  $firstname = $row7['fname'];
  $lastname = $row7['lname'];
  $city7 = $row7['city'];
  $txt = 'Call received by:'.$firstname.' '.$lastname.' of '.$city7.'';
  $file = fopen('drivers-contacted.txt','a');
  fwrite($file,$txt);
  ?>
}
</script>
</tr>
```

As you can see from the code, I have tried making a text file and adding info into that file every time the 'contact' button is clicked. But it adds the names of all people in the list instead of the one who was actually contacted. How can I solve this? Also, is there a better way to get the information I want, like which user was contacted from my database list?

PS: I'm new to coding

RiggsFolly
Arnav
  • 1. is there a reason you're adding this data to a textfile instead of the database you can already connect to? 2. You're slightly confusing JavaScript and PHP right now - your `button` will call the JS `contactclick` function when clicked (client-side), but your PHP processes server-side and only processes when the page initially loads. One suggestion would be to do some sort of AJAX request (something for you to google to learn more about). Also see https://stackoverflow.com/questions/9490809/php-and-javascript-interaction for more info. – WOUNDEDStevenJones May 19 '20 at 17:14
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson May 20 '20 at 14:04
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli – ADyson May 20 '20 at 14:04
  • And for general reading relating to your problem, see this: [What is the difference between client-side and server-side programming?](https://stackoverflow.com/questions/13840429/what-is-the-difference-between-client-side-and-server-side-programming) – ADyson May 20 '20 at 14:05

1 Answer

In general: you are trying to communicate in the direction of client-side to server-side when you want to do a server-side action on a button click. Embedding PHP code inside the client script is not the correct way to do this. Please look up AJAX. A library called jQuery is fairly easy to use and has a simple interface for AJAX.

In addition: unless there is some code missing from this snippet, what this appears to do is create n contactclick() functions, each with its own ID. You need to take the function out of the loop, and have it accept id as a parameter. Then you can do an AJAX call from this function and your back-end (PHP) code will write to a file.

Ynhockey
  • To help clarify for OP - there should be 1 JS function that will be called by passing in a specific phone # to track, like `contactclick('123-123-1234')` or `contactclick('555-555-5555')`, which will make an AJAX call to a separate page like `log-contact.php?phoneNumber=123-123-1234`. Then there will be a PHP file (`log-contact.php`) that will handle the passed `$_GET['phoneNumber']` value and write it to either the database or the text file. – WOUNDEDStevenJones May 19 '20 at 17:18
  • What it does: it takes a city name as input from the user and outputs a list of people of that city with their contact numbers. So if I take the function out of the loop I wouldn't know which number is clicked. If I keep it inside the loop then it records the last number of the list irrespective of which number is clicked. I don't think there is any way around it. PS: I've successfully implemented ajax/jquery for it and the txt file is working – Arnav May 21 '20 at 13:05
  • @Arnav you need to pass the ID as a parameter, then you will only need one function. – Ynhockey May 24 '20 at 14:23
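
The approach described in the answer and comments (one handler that receives the clicked row's id, a server-side endpoint that records it, and bound parameters instead of string-built SQL), as an added example that is not part of the original thread. It assumes `db.php` defines an open mysqli connection `$conn` and that a table `contact_log(user_id, contacted_at)` exists; both names are hypothetical, and the log goes to the database rather than a text file.

```php
<?php
// Added example, not from the original thread. Assumes: db.php (hypothetical)
// defines $conn, and a hypothetical table contact_log(user_id, contacted_at).
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
require 'db.php';

// --- Logging endpoint: one request per click, carrying the clicked row's id ---
if (isset($_POST['contact_id'])) {
    $id = filter_input(INPUT_POST, 'contact_id', FILTER_VALIDATE_INT);
    if ($id === false || $id === null) {
        http_response_code(400);   // not an integer: reject before touching SQL
        exit;
    }
    // Insert only if the id exists in users; the id is bound, never concatenated.
    $stmt = $conn->prepare(
        'INSERT INTO contact_log (user_id, contacted_at)
         SELECT id, NOW() FROM users WHERE id = ?'
    );
    $stmt->bind_param('i', $id);
    $stmt->execute();
    http_response_code($stmt->affected_rows === 1 ? 204 : 404);
    exit;
}
// --- Page render: the city filter is a bound parameter as well ---
$city = (string)($_POST['city'] ?? '');
$stmt = $conn->prepare('SELECT id, fname, lname, phnumber FROM users WHERE city = ?');
$stmt->bind_param('s', $city);
$stmt->execute();
$rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
$e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
?>
<table>
<?php foreach ($rows as $row): ?>
  <tr><td>
    <h3><?= $e($row['fname'] . ' ' . $row['lname']) ?></h3>
    <a class="contact" data-id="<?= (int)$row['id'] ?>"
       href="tel:+91<?= $e((string)$row['phnumber']) ?>">Contact</a>
  </td></tr>
<?php endforeach; ?>
</table>
<script>
// One handler for every row; the id is read from the element that was clicked.
document.querySelectorAll('a.contact').forEach(function (a) {
  a.addEventListener('click', function () {
    // sendBeacon still delivers the POST while the tel: link is being opened.
    navigator.sendBeacon(location.href, new URLSearchParams({ contact_id: a.dataset.id }));
  });
});
</script>
```

The endpoint trusts nothing from the browser except an integer id, and resolves the name and city server-side from that id if they are needed in a report.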