ajax popup submits mysql query without being clicked

[pneb]

Hello,

I thought this Ajax popup was working perfectly.

 

However, I just discovered that the mysql query in div ID "highslide-html-contactform1" gets executed without being clicked as long as the user is logged in (that is, if($my->id) is true).

 

In other words,if user clicks the RFI  link, the script creates a "highslide" style popup which either requests the user to login or (if logged in) submits the user rquest for information.

 

The problem is that if the user is already logged in, the user request is submitted without the link beling clicked

 

 

Is there any way to limit execution to only the "onclick" event.

 

Many thanks,

Patty

 

 

<?

$Request_Date=date("m-d-Y");

$contact="literature";

 

?>

 

 

 

<a href="#" style =" font-size:14px; color:#B5404D; text-decoration:underline;" onclick="return hs.htmlExpand(this, { contentId: 'highslide-html-contactform1' } )" title="Request Information"> RFI</a> <div id='highslide-html-contactform1' class="highslide-html-content" style="width: 350px"> <div class="highslide-body">

 

 

 

<?

global $my;

 

 

global $SERVER_NAME,$REQUEST, $_POST, $_GET,$SCRIPT_NAME,$QUERY_STRING;

 

 

$server = mysql_connect($dbhost, $dbusername, $dbpass)or die(mysql_error());

 

$server1 = mysql_connect($dbhost1, $dbusername1, $dbpass1);

$connection = mysql_select_db($dbname, $server)or die("Can't connect to database1.");

$connection1 = mysql_select_db($dbname1, $server1)or die("Can't connect to database2.");

 

if (isset($_GET[action])){

// Retrieve the GET parameters and executes the function

 

foreach($_GET as $key => $value)

{

 

$$key=$value;

}

 

 

} else if (isset($_POST[action])){

// Retrieve the POST parameters and executes the function

 

foreach($_POST as $key => $value)

{

 

$$key=$value;

}

}

$user=$my->id;

$contact="contact";

 

if($my->id) {

 

 

$query = "SELECT jos_comprofiler.user_id, jos_comprofiler.company, jos_comprofiler.address, jos_comprofiler.city, jos_comprofiler.state, jos_comprofiler.zipcode, jos_comprofiler.phone, jos_users.id, jos_users.name, jos_users.email FROM jos_comprofiler RIGHT JOIN jos_users ON jos_users.id = jos_comprofiler.user_id WHERE jos_users.id = $user";

 

$res=mysql_query ($query) or die(mysql_error());

while($row=mysql_fetch_array($res)){

$name=$row["name"];

$userid=$row["user_id"];

$company=$row["company"];

 

$address=$row["address"];

$city=$row["city"];

$state=$row["state"];

$zipcode=$row["zipcode"];

$phone=$row["phone"];

$email=$row["email"];

 

}

 

 

 

$query1 = "insert into directory.requests (record, showid, userid,user_name,company,address, city, state, zip, phone, email, vendor_id, request,date) Values(NULL,'$showid','$userid', '$name','$company','$address', '$city','$state', '$zip', '$phone', '$email','$vendorid','$contact','$Request_Date') ";

 

 

$result=mysql_query($query1) or die(mysql_error());

$query2 = "select supplierName from vendor where supplierid = $vendorid";

$res2=mysql_query ($query2) or die(mysql_error());

while($row=mysql_fetch_array($res2)){

$vendornamename=$row["supplierName"];

}

 

echo "Thank You for your request " . $my->name ." (" . $my->username . ").<br>";

echo"<br>Your request for information has been submitted to $vendornamename";

 

 

}

else{

echo"You must first log in (or register) in order to request information <BR>Use your <i>PP&P</i> login on the right. No Account? <a href=\"http://www.pppmag.com/index.php?option=com_comprofiler&Itemid=10070&task=registers\">

Register Now.</a>";

}

 

?>

 

 

 

<div class="highslide-html-content-header"> <div class="highslide-move" title="<?php echo $cd_login_lang_move; ?>"> <a href="#" onclick="return hs.close(this)" class="control" title="close">close</a> </div> </div> </div> </div> <p></p>