0

I send values from PHP to a script

<img src=\"images/add.jpg\" onclick='add_program_user(".$value['id_program'].",".$value['min_age'].",".$value['max_age'].")' onmouseover=\"this.style.cursor='pointer'\" />     

The script is:

function add_program_user(id_program){
    var str="./add_program_user.php?p1="+id_program+"&p2="+min_age+"&p3="+max_age;
    window.location=str;    
}

What I would like to do is check in add_program_user.php if the user has the correct age range. My non-working code is:

$query = "SELECT age FROM user WHERE user.mail = '".$_SESSION['logged_user_mail']."'";
    $res = @mysqli_query($con,$select_query) or die('Error, query1 failed');
    $num_res = mysqli_num_rows($res);
    if($age< min_age || $age> max_age){
        echo '<html><meta charset="UTF-8"><script language="javascript">alert("Wrong age range."); document.location="user_programs.php";</script></html>';
    }

Any help? Thanks in advance.

3
  • add_program_user takes only one parameter in your function definition, while three are passed in the onclick event. Place console.log(str); on the second line of add_program_user(id_program) and post the output. Commented Mar 21, 2017 at 12:13
  • Okay, first in your JS, you need to correct the line var str="./add_program_user.php?p1="+id_program+"&p2="+min_age+"&p3"+max_age;... there's a = missing after p3. Second, the if part in your add_program_user.php script doesn't make any sense. There are no variables (age instead of $age)... Where is $age defined? And do you need to compare it against the values you get from p2 and p3? Also your JS function only takes 1 parameter, you're passing 3 in your onclick part Commented Mar 21, 2017 at 12:14
  • @PatrickManser I thought that I was getting age value from the "SELECT age...". Also, I will edit the mistake in Js. Thanks Commented Mar 21, 2017 at 12:20

1 Answer

1

I'd like to suggest some changes to the image section. This just simply makes it easier to read (IMO).
What I have done is to just wrap the array values in curly braces ({}) which means that you don't have to concatenate the string with the full stop, which I find easier to read. Note that it is only available when using the double quotes ".
So what that means is add_program_user(".$value['id_program']."," becomes add_program_user({$value['id_program']},

echo "<img src=\"images/add.jpg\" onclick=\"add_program_user({$value['id_program']}, {$value['min_age']}, {$value['max_age']})\" onmouseover=\"this.style.cursor='pointer'\" />";

My second note would be regarding your JavaScript function. As Patrick Manser said in the comments, you were only passing one argument to the function, but trying to get 3 from it. This is easily rectified by changing the function to the following.

function add_program_user(id_program, min_age, max_age) {
    var str = "./add_program_user.php?p1=" + id_program + "&p2=" + min_age + "&p3=" + max_age;
    window.location = str;
}

Finally, you didn't use the $ for the variable names (i.e. $min_age in the if statement).
So, I propose the following edits to the PHP script.
I'd also suggest using prepared queries in your future queries.

<?php
// store the GET variables as integers so the comparison below is numeric
$id_program = (int) $_GET["p1"];
$min_age    = (int) $_GET["p2"];
$max_age    = (int) $_GET["p3"];

// look up the age of the logged-in user ($con is the open mysqli connection)
$query = "SELECT age FROM user WHERE user.mail = '{$_SESSION['logged_user_mail']}'";
$res = @mysqli_query($con, $query) or die('Error, query1 failed');
$num_res = mysqli_num_rows($res);

// ensure only one user is selected
if ($num_res == 1)
{
    $row = mysqli_fetch_array($res, MYSQLI_ASSOC); // fetch the row as an associative array
    $age = (int) $row['age'];                      // use the age column, not the whole row
    // check the age range
    if ($age < $min_age || $age > $max_age)
    {
        echo '<html><meta charset="UTF-8"><script language="javascript">alert("Wrong age range."); document.location="user_programs.php";</script></html>';
    }
}
?>
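Added example, not part of the original answer or the asker's code: a version of add_program_user.php that uses the prepared queries the answer recommends and reads the age range from the database by program id, because p2 and p3 arrive in the URL and can be edited by the visitor. The `db.php` include, the `program` table (columns named after the `$value` keys in the question) and the `error=age` query flag are assumptions.

```php
<?php
// Added example. Assumptions: db.php (hypothetical) defines the mysqli
// connection $con; a `program` table holds id_program, min_age, max_age.
session_start();
require 'db.php';
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

if (!isset($_SESSION['logged_user_mail'])) {
    http_response_code(401);
    exit('Not logged in');
}
$mail = $_SESSION['logged_user_mail'];

// p1 must be a positive integer; p2/p3 from the URL are deliberately ignored.
$id_program = filter_input(INPUT_GET, 'p1', FILTER_VALIDATE_INT,
                           ['options' => ['min_range' => 1]]);
if ($id_program === false || $id_program === null) {
    http_response_code(400);
    exit('Invalid program id');
}

// Age of the logged-in user, bound as a parameter instead of concatenated.
$stmt = mysqli_prepare($con, 'SELECT age FROM user WHERE mail = ?');
mysqli_stmt_bind_param($stmt, 's', $mail);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $age);
$found_user = mysqli_stmt_fetch($stmt); // true, or null/false when no row
mysqli_stmt_close($stmt);

// Authoritative age range for the requested program, from the server side.
$stmt = mysqli_prepare($con,
    'SELECT min_age, max_age FROM program WHERE id_program = ?');
mysqli_stmt_bind_param($stmt, 'i', $id_program);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $min_age, $max_age);
$found_program = mysqli_stmt_fetch($stmt);
mysqli_stmt_close($stmt);

// Fail closed: unknown user, unknown program or out-of-range age all stop here.
if (!$found_user || !$found_program || $age < $min_age || $age > $max_age) {
    header('Location: user_programs.php?error=age'); // hypothetical error flag
    exit;
}

// The age check passed; enrolling the user in $id_program would follow here.
```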