CODEWITHSUNDEEP
phpjavascriptmysql
Richard Hedges
Richard Hedges

Reputation: 1188

JavaScript to update MySQL?

:)

I'm hoping to make a very simple rating system. It won't consist of anything like averages, it's literally vote up or vote down, so if there's more votes down it'll go into a minus stance.

What I'd like is for when the links to vote up/down are clicked, the page isn't refreshed, just that rating number. I'm guessing I can do this with JavaScript's append once it calls the new data, however I've no idea how to run the MySQL query with JavaScript.

From what I understand, this isn't all that safe so I'm hoping I can run it from a PHP file?

Can anyone tell me how to do this please?

Upvotes: 2

Views: 27472

Answers (5)

user305266
user305266

Reputation: 11

html_entities() does not exist. Try htmlentities() I also found that mysql_real_escape_string{} prevented the input from being picked up.

The javascript doesn't work. No way to work out why, as it does it silently, as always.

Upvotes: 0

bfavaretto
bfavaretto

Reputation: 71918

To do that, you use javascript to issue an asyncronous call (ajax) to a php file, which in turn runs the query to update the db, and returns a response to the javascript. Then you use that response to update the user interface. It's not safe to expose the query in javascript, so make sure the query itself is in the php file.

I personally recommend using jQuery's Ajax utilities for easy, cross-browser ajax.

Upvotes: 4

Jimmy
Jimmy

Reputation: 312

You have to have the SQL update query in a PHP file and execute that PHP script via AJAX. For example:

In PHP:

$page_id = mysql_real_escape_string(html_entities($_POST['page_id']));
$rating = mysql_real_escape_string(html_entities($_POST['rating']));

mysql_query(" UPDATE ratings(vote) VALUES ('$rating') WHERE id = '$page_id' ");

AJAX (assuming you are using jQuery):

function rate(rating, page_id)
{

   $.ajax({
      url: 'path/to/php_script.php',
      type: 'post',
      data: 'rating='+rating+'&page_id='+page_id,
      success: function(output) 
      {
          alert('success, server says '+output);
      }, error: function()
      {
          alert('something went wrong, rating failed');
      }
   });

}

HTML:

<form>   
   Like: <input type="button" value="Like" onClick="rate(1, $_GET['page_id'])" />
   <br />
   Hate: <input type="button" value="Hate" onClick="rate(2, $_GET['page_id'])" />
</form>

Upvotes: 11

genesis
genesis

Reputation: 50976

Yes, you can run it from PHP file and you can call PHP file from ajax. Easy example

<?php
if ($_GET['vote']){
    if ($_GET['vote'] != "down" && $_GET['vote'] != "up") die('<script>alert("hacker");</script>');
    include 'db.php';
    mysql_query("INSERT INTO votes VALUES ('".$_GET['vote']."')");
    die("<script>alert('Thanks for voting');</script>");
}

Upvotes: 0

Jonah
Jonah

Reputation: 10091

AJAX is the answer. I recommend using jQuery or Mootools to do it, they make it easier by several orders of magnitude.

Anyway, the way to do it is to set up a rating PHP script. It accepts an item and a rating via POST data, and uses that data to call the database. Be sure to check the authenticity of the user. Call this page with AJAX, passing the item/rating via POST.

http://api.jquery.com/jQuery.post/

http://mootools.net/docs/core/Request/Request

Upvotes: 1

Related Questions