1

I am running a mysql select query in php like this

<?php
  $getvalue="SELECT id,name from table1 WHERE column1='$var1' and column2='$var2'";
  $result=mysql_query($getvalue) or die(mysql_error());

  while($row=mysql_fetch_array($result)){
       extract($row);
       echo $name;
  }
?>

var1 and var2 are javascript variables on the same page. I know client side variable cannot be passed to server side. But is there any workaround as the variables are in the same page.

Improve this question
2
  • 2
    JavaScript variables can be passed to PHP by AJAX, or by using a form Commented May 2, 2014 at 19:46
  • 1
    more SQL injections waiting to happen :) Commented May 2, 2014 at 19:49

3 Answers 3

Reset to default
5

In order for you to make this happen - I believe - you have to use AJAX.

The code will look like this:

        $.ajax({
            url: 'your_script.php',
            type: 'POST',
            data: {var1: javascript_var_1, var2: javascript_var_2},
            success: function(data) {
                console.log("success");
            }
        });

Your PHP will look similar to this (without keeping in mind the JSON encode:

<?php

$var1 = $_POST['var1'];
$var2 = $_POST['var2'];

  $getvalue="SELECT id,name from table1 WHERE column1='$var1' and column2='$var2'";
  $result=mysql_query($getvalue) or die(mysql_error());

  while($row=mysql_fetch_array($result)){
       extract($row);
       echo $name;
  }
?>

Then you can JSON encode the results and pretty much output them on the success. Your php script - however - must live on another php file.

Also, escape your data. Use prepared statements.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

i know about PDO and prepared statement in theory. Just trying my hands on the basics. Is the above valid on the same php page.
tried it once more... got it right by making another test.php page and querying sql statement there. Also i used PDO.
1

In theory, you could pass the vars to php via some sort of ajax call. I think it would go something like...

JavaScript:

var data = {
    'var1': $('selector').val(),
    'var2': $('selector').val()
};

$.ajax({
    type: 'post',
    url: 'path-to-your-file.php',
    data: data,
    timeout: 50000
}).done(function(response) {
    console.log(response);
}).fail(function(error) {
    // uh-oh.
});

php:

<?php
print_r($_POST['data']);

Otherwise, you could use:

  • cookie
  • hidden input

php:

<?php 
... column1='$_COOKIE["mycookie1"]' and column2='$_COOKIE["mycookie1"]'";
... column1='$_POST["hidden1"]' and column2='$_POST["hidden2"]'";

NOTE: you will want to sanitize the data. Using raw cookie and/or input values could lead to some less than desirable results.

Improve this answer

Comments

0

Use Method Post in AJAX or Form!! To send js variable in Php and receive it in php using $_post[ name_of_obj ];

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.