Get JS value from button to PHP for use in query

Question

I am attempting to make a dynamic list of entries in a html table with buttons to move entries to an archive. I can get the button var to JS, I can execute a query in that function, but I can not use the JS var for that query.

With what should I replace $test in the query for it to use the JS var?

<html>
<head>
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/css/bootstrap.min.css">
    <style>

    </style>
</head>
<body>
    <div class="container">
        <div class="row">
            <div class="col-md-12">
                <?php
                $mysqli = new mysqli('localhost', 'un', 'pw', 'db');
                $list = "<table class='table table-bordered'>";
                $list.= "<center><h2>list</h2>";
                $query = "SELECT * from table1 ORDER BY date ASC;";
                $stmt = $mysqli->prepare($query);
                $stmt->execute();
                $res = $stmt->get_result();
                $data = $res->fetch_all(MYSQLI_ASSOC);
                foreach ($data as $row) {
                    $table_id = $row['id'];
                    
                    $list.= "</tr><tr>";
                    $list.= "<tr><td>"; 
                    $list.=  $row['name'];
                    $list.=    "</td><td>"; 
                    $list.=  "<form action='' method='post'>";
                    $list.=  "<button value='$table_id' name='submit' id='arch'  type='submit' onclick='dosomething(this.value)' class='btn btn-danger btn-xs'>move to archive</button>";
                    $list.=  "</form>";
                    $list.=  "</td></tr>";
                }
                $list .= "</table>";
                echo $list;
                $id = 5;  //placeholder          
                if(isset($_POST['submit'])){
                    echo "phpres=".$table_id; // only gives the latest value in the list
                    $stmt = $mysqli->prepare("select * from archive where id = $id");
                    if($stmt->execute()){
                        $result = $stmt->get_result();
                        if($result->num_rows>0){
                        $msg = "<div class='alert alert-danger'>Already Copied</div>";
                        }else{
                            $stmt = $mysqli->prepare("INSERT INTO archive SELECT * FROM table1 WHERE id = $id");
                            $stmt->execute();
                            $msg = "<div class='alert alert-success'>Copied Successfull</div>";
                            $stmt->close();
                            $mysqli->close();            
                        }
                    } 
                } 
                ?>
            </div>
        </div>
    </div>
    <script>
        function dosomething(val) {
            alert(val); //does give correct value but can't be used
        }
    </script>
</body>

</html>

PHP is run on the server, JS on the client. Use AJAX to pass the value to a PHP script — brombeer, May 03 '22 at 09:36
In order to trigger PHP code to execute, you must sent a HTTP request from the browser to the server, containing the data you need. So you have all the usual options for doing that - e.g. you can either cause the browser to navigate to a URL, or submit a form, or send an AJAX request. — ADyson, May 03 '22 at 09:36
P.S. In order to take advantage of the SQL injection protection provided by prepared statements, you also need to use _parameters_ instead of adding your $test variable directly into the SQL text. https://phpdelusions.net/mysqli contains simple examples of writing safe SQL using mysqli. See also the mysqli documentation and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Using parameters will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. — ADyson, May 03 '22 at 09:37
The $test variable was just something I used to verify that the mysql statement would execute. I was hoping I could replace it with something like document.getElementById('arch').value; or The goal is to have entries moved without posting it to a different page for execution. — johnbstamp, May 03 '22 at 09:55
brombeer, could you edit my snippet to show how that's done? — johnbstamp, May 03 '22 at 09:59
`The goal is to have entries moved without posting it to a different page for execution`...that's where AJAX comes in then - it sends a request asynchronously without reloading the whole page. There are a billion and one tutorials online which can teach you the principles and practicalities. — ADyson, May 03 '22 at 10:18
Thanks. i read a lot of them but I just can't get it to work. I'll post my question differently, perhaps the real issue was not that clear in my current post. The button Id's are dynamicly added in a html table and if i call them with pho I only get the latest entry. — johnbstamp, May 03 '22 at 10:28
The PHP will just use whatever value you send it through the AJAX request. If you're getting the wrong ID value received by PHP, it's probably more likely to be a mistake in the JS or HTML. But we'd need a proper [mre] of your real issue in order to be sure. — ADyson, May 03 '22 at 10:30
Thanks. With `echo "phpres=".$table_id;`...you're using the (last looped) value from your original SELECT query, not the value which was submitted in the form. `$_POST['submit']` should contain the correct value. — ADyson, May 03 '22 at 10:48
Thanks a lot!! That actually worked! i've been trying to get this to work for over a day now. So simple yet so far away ;) Thanks again! You made my day! — johnbstamp, May 03 '22 at 10:51

Get JS value from button to PHP for use in query

0 Answers0