Ajax to PHP, not updating?

Here is my index.php file:

<script type="text/javascript">
function addHit(str){
    $.post("http://www.site.com/addclick.php", { id: str })
};
</script>

<a href="javascript:;" onClick="addHit('928'); return false;">update ID 928 with 1 click</a>

Here is my addclick.php

$id = $_POST['id'];
mysql_query("UPDATE `table` SET `x` = `x` + '1' WHERE `id` = '" . $id . "'");

If I have WHERE id = '1' it updates row 928 perfectly, but when it is set as the post variable, it doe开发者_JS百科sn't. The only thing I can think of is that the ajax call is not parsing the ID properly.

What is wrong with this?

---

Not a 100% sure, but it could be because in jquery you didn't put the the id in quotes like this:

$.post("http://www.site.com/addclick.php", { 'id': str })

It's considering that you id is a var and not the name of the variable...

Hope it helps.

---

WHy not check what $_POST is before blindly inserting it into your database? I could hack up a script that sets id = 'Robert\'; drop table students -- and kill your database.

$id = intval($_POST['id']);
$sql = "UPDATE `table` SET x=x+1 WHERE id=$id";
$result = mysql_query($sql);
if ($result === FALSE) {
    die("query failed: " . mysql_error());
}