Reputation: 13
I am building a notification system and have a problem.
I want to update the table 'notifications' after an onclick, from new='1' to new='0', for the logged-in user.
How do I update the database after onclick with ajax or something else? If I send a request to the server with ajax like this:
    function readNotifications(str)
    {
        var xmlhttp; // declared locally instead of leaking an implicit global
        if (window.XMLHttpRequest)
        { // code for IE7+, Firefox, Chrome, Opera, Safari
            xmlhttp = new XMLHttpRequest();
        }
        else
        { // code for IE6, IE5
            xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
        }
        xmlhttp.onreadystatechange = function()
        {
            if (xmlhttp.readyState == 4 && xmlhttp.status == 200)
            {
                // show the server's response in the page
                document.getElementById("txtHint").innerHTML = xmlhttp.responseText;
            }
        };
        xmlhttp.open("GET", "controlpanel.php?notification=readNews", true);
        xmlhttp.send();
    }
The server does not know which USER ID to update the alerts for. And if I send the USER ID, it would be possible to change the USER ID and everyone could update each other's notifications, and this is not secure.
I'm sorry for my English; if you do not understand, you can ask a question. Thank you!
Upvotes: 0
Views: 621
Reputation: 12683
I think it's better for you to save the user_id in a session variable once the user logs in.

    <?php
    session_start();
    // store session data
    $_SESSION['user_id']=100001;
    ?>

and access it from your code behind during the processing of your ajax request.

    $_SESSION['user_id']

And if you use cookies, you can still accept that from your server-side code.

    $_COOKIE["user_id"];

will do it.
Just make sure that you set the withCredentials property to true.

    var req= new XMLHttpRequest();
    req.withCredentials = true;
Upvotes: 2
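The session-based approach from the answer above, as an added example that is not part of the original post: the handler takes the user id only from the server-side session, so a `user_id` sent in the query string (or any other client-controlled value) has no effect on which rows are updated. The function name `markNotificationsRead`, the `user_id` column and the in-memory SQLite rows are assumptions constructed for the example; the `notifications` table and `new` column follow the question.

```php
<?php
// Added example, not the answerer's code. The SQLite in-memory database and
// its rows are constructed sample data so the script runs offline.

/**
 * Mark all unread notifications of the logged-in user as read.
 * The user id is read only from the session array, never from
 * $_GET or $_POST, so a request cannot name another user.
 */
function markNotificationsRead(PDO $db, array $session): int
{
    if (!isset($session['user_id'])) {
        throw new RuntimeException('not logged in');
    }
    $uid = (int) $session['user_id'];
    // Prepared statement: the id is bound as a parameter, not concatenated.
    $stmt = $db->prepare(
        'UPDATE notifications SET `new` = 0 WHERE user_id = :uid AND `new` = 1'
    );
    $stmt->execute([':uid' => $uid]);
    return $stmt->rowCount();
}

// Constructed demo data: two users, three unread notifications in total.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notifications
           (id INTEGER PRIMARY KEY, user_id INTEGER, `new` INTEGER)');
$db->exec('INSERT INTO notifications (user_id, `new`)
           VALUES (100001, 1), (100001, 1), (100002, 1)');

// Stand-ins for $_SESSION after login as user 100001 and for $_GET.
// The request also carries a forged user_id, which the handler never reads.
$session = ['user_id' => 100001];
$request = ['notification' => 'readNews', 'user_id' => '100002'];

if (($request['notification'] ?? '') === 'readNews') {
    $updated = markNotificationsRead($db, $session);
    echo "rows updated for session user: $updated\n";
}

// The other user's notification is untouched despite the forged parameter.
$left = $db->query('SELECT COUNT(*) FROM notifications
                    WHERE user_id = 100002 AND `new` = 1')->fetchColumn();
echo "user 100002 unread notifications: $left\n";
```

In `controlpanel.php` the same function would be called with `$_SESSION` after `session_start()`, in place of the `$session` stand-in used here.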