Jump to content

Passing variables between pages

minat0

By minat0
in PHP Coding Help

 Share

Recommended Posts

minat0 Newbie

minat0

Posted
Posted

Hi there,

 

I want to pass a input variable from login_success.php which will be sent to sqlprocess.php as the variable 'SQLinput';

 

sqlprocess.php

$link = mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

$query = $_REQUEST['SQLinput']; //You don't need a ; like you do in SQL
$result = mysql_query($query);
$numfields = mysql_num_fields($result);

login_sucess.php

<form action="" method="post"
   <label>
         <span>SQL Input :</span>
         <input type ="text" id="message" name="SQLinput" placeholder="Input SQL"></textarea>
     </label> 
	 <label>
         <span>SQL Output :</span>
         <output id="text" id="SQLoutput" ></input>	

<script type="text/javascript" charset="utf-8"> 
			
		// handles the click event for link 1, sends the query
function getOutput() {
  getRequest(
      'sqlprocess.php', // URL for the PHP file
       drawOutput,  // handle successful request
       drawError    // handle error
  );
  return false;
}  
// handles drawing an error message
function drawError () {
    var container = document.getElementById('output');
    container.innerHTML = 'Bummer: there was an error!';
}
// handles the response, adds the html
function drawOutput(responseText) {
    var container = document.getElementById('output');
    container.innerHTML = responseText;
}
// helper function for cross-browser request object
function getRequest(url, success, error) {
    var req = false;
    try{
        // most browsers
        req = new XMLHttpRequest();
    } catch (e){
        // IE
        try{
            req = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (e) {
            // try an older version
            try{
                req = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e){
                return false;
            }
        }
    }
    if (!req) return false;
    if (typeof success != 'function') success = function () {};
    if (typeof error!= 'function') error = function () {};
    req.onreadystatechange = function(){
        if(req .readyState == 4){
            return req.status === 200 ? 
                success(req.responseText) : error(req.status)
            ;
        }
    }
    req.open("GET", url, true);
    req.send(null);
    return req;
}
</script>

<a href="#" onclick="return getOutput();"><button type="submit" id="search_btn" value="Submit">Submit</button> </a>
<div id="output">waiting for action</div>

Prior to the JS code - I was able to peform this action - however the JS code enables me to post the query onto the same page. I would like essentially like to query the database through an input box and output the same result on the same page.

 

Thanks!

 

Link to comment
Share on other sites
gristoi Newbie

gristoi

Posted
Posted

Are you serious? If you intend to code like this then you might as well quit now. Read up on SQL injection, and this snippet is the mother of them all. Im not going to help you any further on this as it could have dire consequences for anyone using this script.

 

 

$query = $_REQUEST['SQLinput']; //You don't need a ; like you do in SQL
$result = mysql_query($query);
Link to comment
Share on other sites
ginerjm Prolific Member

ginerjm

Posted
Posted (edited)

In case you don't realize what gristol is telling you - YOU ARE DOING SOMETHING VERY STUPID HERE.

 

1 - separate your code (php) from your html - makes no sense to mix them all together. 

2 - Read the manual for any one of the MySQL_* functions.  NOTICE THE BIG RED BOX SAYING NOT TO USE IT!!!

3 - Do not in any way allow the user to write your query for you.  What?! Are you that stupid that you would let someone actually write a malicious query that could delete your entire database - not just a table - your entire database?

4 - Check your work before posting it for others to work with.  You have an input tag that you "attempt" to close with a </textarea> tag.  What the h.  is this?

 

5 - Where ever you got this code - return it and don't use anything from that source again.  You have no idea what mistake you are attempting to make.

 

Lastly - what you are trying to do is called AJAX.  It allows you to have a page that contains JS code that will call a php script and get a response from it and post that result back to the page without doing a refresh.  Depending upon the speed of your connection and your server it can be quite instantaneous.  I think that is what you want.  You should read up on THAT too.

Edited by ginerjm
Link to comment
Share on other sites
minat0 Newbie

minat0

Posted
  • Author
Posted (edited)

Okay I should clarify that this is an internal website used for various members of the team to query the database - YES I know its prone to SQL injection but that's the whole point of creating this website. The people using this webpage know the tables and its just an easier way of connecting to the DB along with a better UI. The purpose is to query the database and output the results into an email and send them.

 

Does this make sense?

Edited by minat0
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.