Update MySQL Value Through Img Src Variable Including jQuery

Developer https://www.devze.com 2023-01-13 02:38 Source: web

Thank-you to all who have helped me over the last few days.. Unfortunately I was working so I couldn't get back to you. I have included some code into what I thought would work, but for some reason the below code will not update in my SQL Database. I will provide the code and its output if someone could please copy the code and see why it's not working... It's really doing my head in! Haha!

(The connection to the MySQL db + table is working fine).

// admin.php
<a href="#" id="chngeHref"><img src="<?php echo "image.php?url=" . $row[2]; ?>?tid=<?php echo $row[0]; ?>&opn=<?php echo $row[1]; ?>" id="chnge" /></a>
// image.php?url=image.jpg?tid=3&opn=1

I was advised to do it this way to make it easier for me to pass the variables (tid and opn) through the process.

// update.php

$tid  = $_GET['tid'];
$opn  = $_GET['opn'];

if ($opn == "0") { $opn = "1"; } elseif ($opn == "1") { $opn = "0"; } 

mysql_query("UPDATE catalogue SET opn = $opn WHERE tid = $tid ; ");   

mysql_close(); 

// it's just a simple script to change a variable from 1 to 0 or 0 to 1 where tid = a specific number...

I have my jQuery stuff all tucked away in a lovely little file, because there is alot of it...

// navigate.js


$.extend({
 getUrlVars: function() {
  var vars = {};
  var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m,key,value) { vars[key] = value; });
 return vars;
 }
});


$("#chngeHref").click(function() {
 var tid = $.getUrlVars()['tid'];
 var opn = $.getUrlVars()['opn'];

 $.ajax({
  type: "POST",
  url: "update.php",
  data: "tid="+ tid +"& opn="+ opn,
  success: function(){ 
   $('#chnge').fadeTo('slow',0.4);
   }
  });
 });    

The .extend code i found on the net which finds the parameter and value of all those in the address line. I THINK this is where my issue might be, because the top code is never actually sending it to the address bar, it's being sent through jQuery to the update.php file.

I can only say thank-you soooo much in advance to anyone who can assist in this.

Phillip.


There are a few issues here besides the SQL Injection vulnerability Nathan mentions, namely you're POSTing, so you need to use $_POST rather than $_GET to retrieve your variables. Also you have an extra space in the data block, this:

data: "tid="+ tid +"& opn="+ opn,

should be:

data: "tid="+ tid +"&opn="+ opn,

or a bit cleaner using object notation (so it also gets properly encoded):

data: { tid: tid, opn: opn },

For the SQL Injection issue, instead of this:

mysql_query("UPDATE catalogue SET opn = $opn WHERE tid = $tid ; "); 

At the very least escape the values, like this:

$tid = mysql_real_escape_string($_POST['tid']);
$opn = mysql_real_escape_string($_POST['opn']);

Or, go the parameterized query route, which is what I'd prefer.
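A hardened update.php that follows the answer's advice end to end, as an added example that is not the poster's or the answerer's code: it reads $_POST (matching the jQuery POST in the question), validates tid and opn, and performs the same 0/1 toggle through a PDO prepared statement so the values never become part of the SQL text. The DSN and credentials are placeholders, and the readInputs/toggleOpn function names and the JSON response are assumptions; the catalogue table and the tid/opn columns come from the question.

```php
<?php
// update.php (hardened rewrite, added example; assumes a MySQL "catalogue"
// table with integer columns tid and opn, as in the question)
declare(strict_types=1);

// Placeholder connection details, not the poster's real ones.
$dsn = 'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4';
$pdo = new PDO($dsn, 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

/**
 * Validate the two POSTed fields (assumed helper name).
 * Returns [tid, opn] as integers, or null when either value is missing,
 * non-numeric, or out of range. Anything that is not a positive integer
 * tid or a 0/1 opn is rejected before it gets anywhere near the query.
 */
function readInputs(array $post): ?array
{
    $tid = filter_var($post['tid'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    $opn = filter_var($post['opn'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 1],
    ]);
    if ($tid === false || $opn === false) {
        return null;
    }
    return [$tid, $opn];
}

/**
 * Flip opn (1 -> 0, 0 -> 1) for one tid with a parameterized UPDATE
 * (assumed helper name). Because the values are bound as parameters,
 * quotes or SQL fragments in $_POST cannot alter the statement's structure.
 * Returns the number of rows changed; 0 means no row with that tid.
 */
function toggleOpn(PDO $pdo, int $tid, int $opn): int
{
    $stmt = $pdo->prepare('UPDATE catalogue SET opn = :opn WHERE tid = :tid');
    $stmt->bindValue(':opn', 1 - $opn, PDO::PARAM_INT); // same toggle as the if/elseif
    $stmt->bindValue(':tid', $tid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// The jQuery call uses type: "POST", so $_GET would simply be empty here.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

$in = readInputs($_POST);
if ($in === null) {
    http_response_code(400);
    exit;
}
[$tid, $opn] = $in;

header('Content-Type: application/json');
echo json_encode(['updated' => toggleOpn($pdo, $tid, $opn)]);
```

With the client side sending `data: { tid: tid, opn: opn }` as the answer shows, the field names line up with what readInputs expects, and jQuery takes care of URL-encoding them. Binding with PDO::PARAM_INT after FILTER_VALIDATE_INT means the database only ever sees integers, which is a stronger guarantee than escaping a string with mysql_real_escape_string, and the 1 - $opn expression reproduces the original 0/1 flip without a branch.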
