0

I have the following codes:

code1:

<div name="content">
    <a id="various3" href="picture.php" title="<?php echo $info; ?> " idno="5" >
        <img class="last" src="./images/page11.png" />
    </a>
</div>

code2:

<script language="javascript" type="text/javascript">
    $(document).ready(function() {
        // Copy the idno attribute of the link inside the content div into the #pid input
        var imagelinks = $('div[name=content] a');
        idno = imagelinks.attr('idno');
        document.getElementById("pid").value = idno;
    });
</script>

code3:

<form id="target" method="get" action="picture.php?=">
    <input id="pid" name="pid" value="" />
</form>

code4:

<?php

$host = 'localhost';
$user = 'root';
$pw = '';
$db = 'thepillar';
$phpVar = $_GET["pid"];

mysql_connect($host,$user,$pw); 
mysql_select_db($db); 
$sql = "select pics, ext from infopics where id='$phpVar'"; 
$result = mysql_query($sql) or die('Bad query at 12!'.mysql_error()); 
while($row = mysql_fetch_array($result,MYSQL_ASSOC))
{
    $db_img = $row['pics'];
    $type = $row['ext'];
} 
$img = base64_decode($db_img); //print_r($db_img );
$img = imagecreatefromstring($img);
header("Content-Type: image/jpeg");
imagejpeg($img);
imagedestroy($img);

?>

code1, code2, and code3 are on the same page, index.php, while code4 is on another page, picture.php.

The flow that I want to have is that when index.php loads, code2 assigns every tag inside as imagelinks, then declares a JavaScript variable idno and sets the idno attribute in my tag in code1 as its value.

idno = imagelinks.attr('idno');

Next up:

document.getElementById("pid").value = idno;

This code sets the JavaScript variable idno as the value for the input id="pid" in my code3. As a result, a textbox appears on my index.php containing the value from my code3.

What I want to do is to pass the pid value to code4 in my picture.php and store it as the value of $phpVar

$phpVar = $_GET["pid"];

and it is performed when I click the tag inside code1 instead of using a .

8
  • Is this post a continuation of stackoverflow.com/questions/5160247/… ? Why not edit the first one, as it is unsolved? Commented Mar 3, 2011 at 8:29
  • 1
    Also, adding a non-existing attribute (idno) to an html element won't be working in a lot of browsers, you shouldn't do that. Commented Mar 3, 2011 at 8:31
  • 6
    You have a SQL injection vulnerability. Never use variables that the user can change ($_GET for example) in SQL queries. Use PDO instead, or if you can't use that, at least use mysql_real_escape_string() on your $sql before you do mysql_query(). Commented Mar 3, 2011 at 8:32
  • @VirtualBlackFox - Yes, it is. I'm so sorry for that. I'm just all confused right now, for this project is for my thesis. T_T Commented Mar 3, 2011 at 8:42
  • @itchy - I used mysql_real_escape_string() but still nothing changes. Commented Mar 3, 2011 at 9:04

1 Answer

0

Firstly, the jQuery inside $(document).ready could be written more simply like so:

$('#pid').val($('div[name=content] a').attr('idno'));

If you then want to send that to the php, you could add something like:

$('#various3 img').click(function(){
    $('#target').submit();
});

Which will submit the form when the image is clicked.

I would also second the commenter's advice regarding SQL sanitizing and not using arbitrary HTML attributes.
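
The SQL injection raised in the comments and seconded in this answer can be closed by validating pid as an integer and passing it as a bound parameter. The picture.php below is an added example, not code from the question or the answer; it assumes the pdo_mysql extension and a least-privileged database account (app_user and its password are placeholders), and reuses the table and column names from the question.

```php
<?php
// Added example (not the asker's code): picture.php with input validation
// and a bound parameter. app_user / change-me are placeholder credentials.

function parse_pid($raw): ?int
{
    // Accept only a positive integer; arrays, empty strings and text are rejected.
    $pid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $pid === false ? null : $pid;
}

function fetch_picture(PDO $pdo, int $pid): ?string
{
    // The id travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT pics FROM infopics WHERE id = :id');
    $stmt->bindValue(':id', $pid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // no such picture
    }
    $bytes = base64_decode((string) $row['pics'], true); // strict decoding
    return $bytes === false ? null : $bytes;
}

$pid = parse_pid($_GET['pid'] ?? null);
if ($pid === null) {
    http_response_code(400);
    exit('Invalid pid');
}
try {
    $pdo = new PDO('mysql:host=localhost;dbname=thepillar;charset=utf8mb4', 'app_user', 'change-me', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // server-side prepared statements
    ]);
    $bytes = fetch_picture($pdo, $pid);
} catch (PDOException $e) {
    error_log($e->getMessage()); // details go to the server log, not the client
    http_response_code(500);
    exit('Server error');
}
$img = $bytes === null ? false : @imagecreatefromstring($bytes);
if ($img === false) {
    http_response_code(404);
    exit('Picture not found');
}
header('Content-Type: image/jpeg');
imagejpeg($img);
```

With the form from code3 submitting `pid` by GET, a request such as `picture.php?pid=5` returns the image, while a non-numeric `pid` gets a 400 response before any query runs.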
