I'm hoping to make a very simple rating system. It won't consist of anything like averages, it's literally vote up or vote down, so if there's more votes down it'll go into a minus stance.
What I'd like is for when the links to vote up/down are clicked, the page isn't refreshed, just that rating number. I'm guessing I can do this with JavaScript's append once it calls the new data, however I've no idea how to run the MySQL query with JavaScript.
From what I understand, this isn't all that safe so I'm hoping I can run it from a PHP file?
Can anyone tell me how to do this please?
You have to have the SQL update query in a PHP file and execute that PHP script via AJAX. For example:
In PHP:
$page_id = mysql_real_escape_string(html_entities($_POST['page_id']));
$rating = mysql_real_escape_string(html_entities($_POST['rating']));
// Store the submitted rating on the row for this page.
mysql_query("UPDATE ratings SET vote = '$rating' WHERE id = '$page_id'");
AJAX (assuming you are using jQuery):
function rate(rating, page_id)
{
    $.ajax({
        url: 'path/to/php_script.php',
        type: 'post',
        // Pass an object so jQuery URL-encodes both values.
        data: { rating: rating, page_id: page_id },
        success: function(output)
        {
            alert('success, server says ' + output);
        },
        error: function()
        {
            alert('something went wrong, rating failed');
        }
    });
}
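HTML:
<form>
    Like: <input type="button" value="Like" onClick="rate(1, <?php echo htmlspecialchars(json_encode($_GET['page_id']), ENT_QUOTES); ?>)" />
    <br />
    Hate: <input type="button" value="Hate" onClick="rate(2, <?php echo htmlspecialchars(json_encode($_GET['page_id']), ENT_QUOTES); ?>)" />
</form>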
To do that, you use JavaScript to issue an asynchronous call (Ajax) to a PHP file, which in turn runs the query to update the db, and returns a response to the JavaScript. Then you use that response to update the user interface. It's not safe to expose the query in JavaScript, so make sure the query itself is in the PHP file.
I personally recommend using jQuery's Ajax utilities for easy, cross-browser ajax.
AJAX is the answer. I recommend using jQuery or Mootools to do it, they make it easier by several orders of magnitude.
Anyway, the way to do it is to set up a rating PHP script. It accepts an item and a rating via POST data, and uses that data to call the database. Be sure to check the authenticity of the user. Call this page with AJAX, passing the item/rating via POST.
http://api.jquery.com/jQuery.post/
http://mootools.net/docs/core/Request/Request
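One way to write the rating script this answer describes, as an added example that is not from the thread: it accepts POST only, requires a logged-in session, allow-lists the rating, and uses PDO placeholders instead of string-built SQL. The `votes` table, the `user_id` session key and the connection details are assumptions; the CLI branch exercises the function on a constructed in-memory SQLite table.

```php
<?php
// Added example, not code from the thread. Assumed names: table
// votes(item_id, user_id, delta) with PRIMARY KEY (item_id, user_id),
// session key 'user_id', and placeholder connection details.
declare(strict_types=1);

const VOTE_DELTA = ['up' => 1, 'down' => -1];   // allow-list of accepted ratings

/** Record one vote per user and item, then return the item's net score. */
function apply_vote(PDO $db, int $userId, $itemId, $vote): int
{
    $id = filter_var($itemId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !is_string($vote) || !array_key_exists($vote, VOTE_DELTA)) {
        throw new InvalidArgumentException('invalid item or vote');
    }
    // Placeholders keep request data out of the SQL text. REPLACE overwrites
    // this user's earlier vote on the item instead of stacking votes.
    $db->prepare('REPLACE INTO votes (item_id, user_id, delta) VALUES (?, ?, ?)')
       ->execute([$id, $userId, VOTE_DELTA[$vote]]);
    $sum = $db->prepare('SELECT COALESCE(SUM(delta), 0) FROM votes WHERE item_id = ?');
    $sum->execute([$id]);
    return (int) $sum->fetchColumn();
}

if (PHP_SAPI !== 'cli') {                        // web entry point for the AJAX POST
    session_start();
    header('Content-Type: application/json');
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_SESSION['user_id'])) {
        http_response_code(403);                 // needs POST and a logged-in user
        exit(json_encode(['error' => 'forbidden']));
    }
    try {
        $db = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4',
                      'DB_USER', 'DB_PASS', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        $score = apply_vote($db, (int) $_SESSION['user_id'],
                            $_POST['page_id'] ?? null, $_POST['rating'] ?? null);
        exit(json_encode(['score' => $score]));
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        exit(json_encode(['error' => $e->getMessage()]));
    }
} else {                                         // CLI run on a constructed in-memory table
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE votes (item_id INT, user_id INT, delta INT, PRIMARY KEY (item_id, user_id))');
    apply_vote($db, 1, '7', 'down');
    apply_vote($db, 2, '7', 'down');
    echo apply_vote($db, 1, '7', 'up'), "\n";    // user 1 changed an earlier vote
}
```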
Yes, you can run it from a PHP file and you can call the PHP file from Ajax. Easy example:
<?php
// Run only when a vote was submitted.
if (isset($_GET['vote'])) {
    // Accept only the two expected values before the value reaches the query.
    if ($_GET['vote'] != "down" && $_GET['vote'] != "up") die('<script>alert("hacker");</script>');
    include 'db.php';
    mysql_query("INSERT INTO votes VALUES ('".$_GET['vote']."')");
    die("<script>alert('Thanks for voting');</script>");
}
html_entities() does not exist. Try htmlentities(). I also found that mysql_real_escape_string() prevented the input from being picked up.
The JavaScript doesn't work. No way to work out why, as it does it silently, as always.