Index.php file

<?php include_once("bd.php"); $resultat = mysql_query("SELECT * FROM users WHERE id='$_GET[id]'"); $array = mysql_fetch_array($resultat); ?>

For each user at the end of your id (example.com?id=1)

 <div id="button"></div> </div> <script src="js/button.js"></script>

File time.php

Connection to the database, where data is selected by id and the corresponding data is inserted into the button

 <?php include_once("bd.php"); $resultat = mysql_query("SELECT * FROM users WHERE id='$_GET[id]'"); $array = mysql_fetch_array($resultat); ?>

The function to insert the button itself

 <?php do{ echo "<a style='display:".$array['active1']."; ' class='button' href='".$array['url1']."' target='_blank'>".$array['url_name1']."</a>"; } while($array = mysql_fetch_array($result)); ?>

Js file

I get the page parameter from the link itself (example.com?id = ...)

 function getUrlVars() { var vars = {}; var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m,key,value) { vars[key] = value; }); return vars; } var id_user = getUrlVars()["id"]; function show(){ $.ajax({ url: "time.php", data: 'id=id_user', cache: false, success: function(html){ $("#button").html(html); } }); } $(document).ready(function(){ show(); setInterval('show()',1000); });

The time.php file also goes for each user ( time.php? Id = ... ), how to make a request that when entering the page ( index.php? Id = 15 ) a request was sent to the time.php file with the same parameters ( time.php? id = 15 ).

Now the request is sent clumsily ( time.php? Id = id_user & _ = 1488322194611 ), but should be sent like this ( time.php? Id = number equal to the id file of the index) for 3 days dug all Google and could not find anything like that. Help please, I will be very grateful!

  • data: 'id='+id_user, - Igor

2 answers 2

First, read the following comment: https://ru.stackoverflow.com/a/633878/238901 . It is relevant to your example in many ways: embedding raw user data in the request text (a huge security hole) and using an outdated data provider (mysql_ * instead of mysqli_ * or pdo_ *).

Second, to transfer the data in the request, use the following syntax:

 $.ajax({ url: "time.php", data: { id: id_user, name: name_user // Просто в качестве примера }, cache: false, success: function(html){ $("#button").html(html); } });

Third, I would recommend rewriting the SQL query as follows:

 SELECT active1, url1, url_name1 /* Добавьте другие поля, если необходимо*/ FROM users WHERE id=? LIMIT 1;

This, of course, is not about splitting into lines, but about not using *, but always indicating all the necessary fields explicitly. In addition, the LIMIT 1 restriction will give you a guarantee that the query will always return no more than one record, even if there is something wrong with the condition (in your original example, if '0 OR TRUE' comes in GET, the entire table will be unloaded wholly).

Finally, fourth, it is better to start the query execution with prepare:

 if ($stmt = mysqli_prepare($link, $query)) { /* связываем параметры с метками */ mysqli_stmt_bind_param($stmt, "s", $user_id); /* запускаем запрос */ mysqli_stmt_execute($stmt); /* связываем переменные с результатами запроса */ mysqli_stmt_bind_result($stmt, $active1, $url1, $url_name1); /* получаем значения */ mysqli_stmt_fetch($stmt); /* закрываем запрос */ mysqli_stmt_close($stmt); }

This has two objectives: protection against SQL injections and more efficient execution of queries due to the possibility of caching execution plans on the DBMS side.

  • The data that the user inserts processes another file. Special thanks for LIMIT 1 , I will use it. - Slam Streetwear

Thank you, Igor.

Solved the issue with this method

 data: 'id='+id_user,