Jump to content

Help with javascript/php mysql record updating


Darkmatter5

Recommended Posts

I have a checkbox in a form that has the following code.

 

<input type='checkbox' name='display_boxart' value='1' " .($userprefs['display_boxart']=='1'?"checked":""). " onchange='change_pref(\"display_boxart\",this.value,\"$userprefs[member_id]\")'>

 

Now here's the Javascript function change_pref

function change_pref(pref,str,id) {
    xmlHttp=GetXmlHttpObject();
    if (xmlHttp==null) {
        alert ("Browser does not support HTTP Request");
        return;
    }
    var url="change_prefs.php";
    url=url+"?p="+pref;
    url=url+"&t="+url;
    url=url+"&i="+id;
    xmlHttp.open("GET",url,true);
    xmlHttp.send(null);
}

 

And here's change_prefs.php as referenced in the javascript function

<?php
  include('library/config.php');
  require_once('library/vein_funcs.php');
  ($_GET['t']==""?$_GET['t']==0:$_GET['t']==1);
  $query="UPDATE members SET $_GET[p]=$_GET[t] WHERE member_id=$_GET[i]";
  $result=mysql_query($query) or die(mysql_error());
?>

 

My intent is when the user changes the check box to checked or not checked the members display_boxart value should be changed to 0 if display_boxart is unchecked or 1 if display_boxart is checked.

 

Am I on the right track? Is this the wrong way to do this? Is there an easier way to do this?

You may want to add this to your php :

 

change_prefs.php

<?php
$t = (int) $_GET['t'];
$p = (int) $_GET['p'];
$i = (int) $_GET['i'];
?>

 

To prevent SQL Injection. And make some test to be sure the user has the right to do this action before doing it or else anyone can change data in your database.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.