0

So i have a page called user.php as test

<?php 
$user = $_GET['userID'];
echo $user;
?>

then i have .js that uses ajax to add a comment on the profile which works but the php that it uses (select and insert) is in a file called profileComments.php

$.ajax({
        url: 'profileComments.php',
        method: 'POST',
        async: false,
        data: {
            display: 1,
            user: userID
        },
        success: function () {
            insertComments();
        }
    });

now i want to edit the select query of that profileComments.php file to only display those with the right userID

<?php
include "db.php";
$user = $_GET['userID'];

if (isset($_POST["display"])) {
  $comments= "SELECT * FROM comments";
  $query= mysqli_query($connection, $comments);

  while ($comments = mysqli_fetch_assoc($query)) { ?>
        <li>
            <?php echo $comments["content"]?>
        </li>
    <?php }
}

But the problem is when I edit it in

"SELECT * FROM comments WHERE userID = $user"

at the top i've written this $user = $_GET['userID']; but it gives me the unidentified error

How can i make this work?

Improve this question
7
  • 1
    it's not clear to me which script gets included into the other one. And which one is called via ajax. Can you please clarify that in your question? Commented Jul 9, 2018 at 19:01
  • 1
    You should probably show the code that calls profileComments.php. Also, there is no such thing as "an ajax file". AJAX stands for Asynchronous Javascript, and is a technology. Commented Jul 9, 2018 at 19:01
  • 1
    Also read up on SQL Injection and "Little Bobby Tables" Commented Jul 9, 2018 at 19:03
  • Without knowing your ajax call code, it could be $_POST['userID']; ... Commented Jul 9, 2018 at 19:04
  • I updated the question with the ajax code and the profileComments Commented Jul 9, 2018 at 19:12

1 Answer 1

Reset to default
1

You're using AJAX to send a POST request, not a GET request (See the method value of your ajax request). Therefore, all of the data in that AJAX request will be read into the $_POST superglobal of PHP.

You also named that key 'user', not 'userID' (see the data value of your ajax request).

Try:

$user = $_POST['user'];
Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

I tried that but i still get the same error, just want to get the user from the URL and i thought $_GET would do that job but i'm new to this and yea still wondering how to make it work
You tried $_POST['user']? Because that matches your code. If you want to put it in the URL, then put it in the URL. You could set the AJAX url to 'profileComments.php?userID=' + userID
i'm not following?
@anonymous It's very simple: POST data is put in $_POST, URL parameters are in $_GET.
So on comments I added $user = $_POST["user"] and my Ajax now looks like this $.ajax({ url: 'profileComments.php?userID' + userID, method: 'POST', async: false, data: { display: 1, user: userID }, success: function () { insertComments(); } }); This still results in the same error, so im not sure what I do wrong and I apologize that I'm asking a lot since im new to this
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.