Database Update Using Hyperlink

I am wondering if the database can be updated with a hyperlink. On my website, I am trying to update the user's location in the game world. Places are represented by numerical values.

Example:

1 = Camp
2 = City
3 = Forest

To do this, I created a PHP function:

    function updatePlayerLocation($location) {
        mysql_query("UPDATE ss_character SET location='$location' WHERE id='".$_SESSION['id']."'");
    }

This function is then called in the onClick function of the link, as shown below:

 echo "<a href=\"play.php?p=location_0\" onclick='updatePlayerLocation(0)'>" . $possibleLocations[0] . "</a><br />"; 

The $possibleLocations array contains all the locations a user can be in, from 0 to 10.

The link seems to work when the page loads; it just doesn't execute the MySQL query. My previous research suggested using AJAX, but since the page needs to be updated, I wonder if there is an alternative.

Thanks for your time and suggestions! :)

+4
2 answers

First, you need to check the input; your code is open to SQL injection. See "How to prevent SQL injection in PHP?"

Please do not use the mysql_* functions in new code. They are no longer supported and are officially deprecated. Read more about prepared statements and use PDO or MySQLi.

So, keeping that in mind, here is a PDO script that does the same thing. I understand it's way longer, but you can use it as a class if necessary, as this is just an example.

    <?php
    // start the session so $_SESSION['id'] is available
    session_start();

    // create connection to database
    $conn = new PDO('mysql:dbname=DATABASE_NAME;host=localhost;port=3306', USERNAME, PASSWORD);

    // prepare query
    $pdo = $conn->prepare("UPDATE ss_character SET location = :location WHERE id = :session_id");

    // set up parameters
    $params = ['location' => (int)$_POST['location'], 'session_id' => $_SESSION['id']];

    // loop through the parameters to determine the type
    foreach ($params as $key => $value) {
        // switch (true) runs the first case whose type check succeeds
        switch (true) {
            case is_int($value):
                $param = PDO::PARAM_INT;
                break;
            case is_bool($value):
                $param = PDO::PARAM_BOOL;
                break;
            case is_null($value):
                $param = PDO::PARAM_NULL;
                break;
            default:
                $param = PDO::PARAM_STR;
                break;
        }

        // bind parameter to query
        $pdo->bindValue(":$key", $value, $param);
    }

    // execute the query (the values are already bound above)
    $result = $pdo->execute();

    // echo result for ajax
    echo $result ? '1' : '0';

And you need some jQuery to do the AJAX call for you so that the page doesn't reload:

    <script>
    function updatePlayerLocation(location) {
        // ensure location is numeric or stop
        if (isNaN(location)) return false;

        // update location via ajax
        $.ajax({
            url: 'http://your_url/to/php/script.php',
            type: 'POST',
            data: 'location=' + location,
            success: function(data) {
                // log result to console for error trapping purposes
                console.log(data);
            }
        });

        // stop link from being processed
        return false;
    }
    </script>

The HTML of course includes jQuery, the script above and at least one link:

 <a href="#" onclick="return updatePlayerLocation(0);">Location name</a><br /> 
+4

By clicking the hyperlink, you execute a GET request on the server. Since you are already sending a parameter with your GET request, you can do the following in your PHP code:

    if (isset($_GET['p'])) {
        // e.g. "location_0"
        $location = $_GET['p'];
        // keep only the digits, then cast to an integer
        $number = preg_replace("/[^0-9]/", '', $location);
        updatePlayerLocation(intval($number));
    }

Please note that this will be executed every time the web page is refreshed, so it may be desirable for the above code to be placed on another PHP page and then redirected to play.php with the same parameters that were passed as before.

+1
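
An added example, not part of either answer: one way to combine the input check asked for in the first answer with the separate-page-and-redirect suggestion in the second. The script name `move.php`, the helper `parseLocationParam`, the sample `$possibleLocations` values and the connection placeholders are assumptions.

```php
<?php
// move.php (hypothetical name): linked to as move.php?p=location_N.
// Added example, not code from the thread.
session_start();

/**
 * Turn the raw "p" parameter (e.g. "location_3") into a known location id.
 * Returns null for anything that is not exactly "location_<known key>".
 */
function parseLocationParam($raw, array $possibleLocations)
{
    // Reject arrays (p[]=1), missing values and strings such as "location_1abc".
    if (!is_string($raw) || !preg_match('/\Alocation_(\d{1,2})\z/', $raw, $m)) {
        return null;
    }
    $id = (int) $m[1];
    // Only ids that exist in the game's own list are accepted.
    return array_key_exists($id, $possibleLocations) ? $id : null;
}

// Constructed sample data standing in for the real 0..10 list from the question.
$possibleLocations = [0 => 'Start', 1 => 'Camp', 2 => 'City', 3 => 'Forest'];

$location = parseLocationParam($_GET['p'] ?? null, $possibleLocations);

if ($location === null || !isset($_SESSION['id'])) {
    http_response_code(400);
    exit('Invalid location');
}

// DATABASE_NAME, USERNAME and PASSWORD are placeholders.
$conn = new PDO('mysql:dbname=DATABASE_NAME;host=localhost;port=3306', 'USERNAME', 'PASSWORD');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Values travel separately from the SQL text, so they cannot change the query.
$stmt = $conn->prepare('UPDATE ss_character SET location = :location WHERE id = :id');
$stmt->bindValue(':location', $location, PDO::PARAM_INT);
$stmt->bindValue(':id', $_SESSION['id']);
$stmt->execute();

// Redirect so that refreshing play.php does not run the update again.
header('Location: play.php?p=location_' . $location);
exit;
```

With this in place, play.php only displays the location and no longer performs the update itself.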