0

I need to put a mysql_query in the onClick event of a div. I tried this, but it does not work.

notifiche.php

while ($i < $result) {
    $id_noti = mysql_result($res, $i, "id");
    $msg=mysql_result($res,$i,"msg");
    ?>
    <div class="box" align="left" style="color: #5c5c5c; padding:4px; border-bottom: 1px solid #c0c0c0; width: 170px !important; position:relative;z-index: auto;">
        <div onClick="doSomething();" class="close_box" align="right"style="font-weight:bold; position:absolute;right:0; top:0; z-index:1;cursor:pointer;">
            x
            <input type="hidden" name="del_noti" value="<?echo $id_noti;?>">
        </div>
        <? echo $msg; ?>
    </div>
    <?  $i++;
}

the script in the head of main page is

<script type="text/javascript">
    function doSomething(){
        $.post("del_notif.php");
        return false;
}
</script>

and the del_notif.php

include 'files/config.php';
mysql_query("UPDATE notifiche SET a='delete' WHERE id='$_POST[del_noti]'");
Improve this question
7
  • 3
    Please don't use mysql_* functions anymore, they are deprecated. See Why shouldn't I use mysql_* functions in PHP? for details. Instead you should learn about prepared statements and use either PDO or MySQLi. If you can't decide which, this article will help you. If you pick PDO, here is a good tutorial. Commented Nov 11, 2013 at 12:23
  • 1
    I tried this, but not work.. what does not work? Any error messages? Called del_notif.php plain (not via ajax)? Please escape variables with user content in it. An yes: never ever use mysql_* as mentioned by @MarcelKorpel Commented Nov 11, 2013 at 12:24
  • 2
    SQL Injection ... Commented Nov 11, 2013 at 12:24
  • @TiMESPLiNTER Or better, use prepared statements instead of escaping. Commented Nov 11, 2013 at 12:31
  • @MarcelKorpel Of course yes, but escaping would be fine and the only solution for mysql_*... but doesn't matter as long as he uses mysql_* it's unsafe anyway. Commented Nov 11, 2013 at 12:34

1 Answer 1

Reset to default
3

You have to pass the argument to your doSomething function

<div onClick="doSomething(<?echo $id_noti;?>)"...>

and in your script

<script type="text/javascript">
function doSomething(id){
    $.post("del_notif.php", {id: id});
return false;
}
</script>

and on the server

include 'files/config.php';
mysql_query("UPDATE notifiche SET a='delete' WHERE id=". (int) $_POST["id"]);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.