1

Can you help me, I am passing text between pages using local storage. How am I going to condition this retrievedObject variable:

var retrievedObject = localStorage.getItem('textValue');

on mySQL WHERE condition:

$sql = "SELECT * FROM classvideo WHERE linkcode = ''";

I tried putting "'+retrievedObject+ '" but it does not work. Thank you!

zultz
  • 224
  • 2
  • 9
  • 1
    Don't use string concatenation to build SQL queries. That could cause SQL injection vulnerabilities. Create prepared statements and run the prepared statements with arguments. Are you trying to load values from local storage into a JavaScript variable and use this value in your PHP code to query data from MySQL? –  Jun 23 '21 at 08:54
  • 3
    Does this answer your question? [What is the difference between client-side and server-side programming?](https://stackoverflow.com/questions/13840429/what-is-the-difference-between-client-side-and-server-side-programming) –  Jun 23 '21 at 08:57

1 Answers1

0

If i got your question right, you want to pass the retrievedObject variable from JavaScript (client) to PHP (server). You have to send the value of the retrievedObject to the server. You could achieve this with an GET or an POST Request. Here are some links about the GET and POST methods:

Also, as stated from jabaa, when using string concatenation you expose yourself for SQL Injection attacks (more on that here). I suggest using prepared statements, or escpaing your input with addslashes(string)

Elias Kleppinger
  • 175
  • 6