1

I've been struggling with this since months, and finally got to the point I need to fix it on my project.

The thing is, I'm sending an ajax request to a php file where I need to read the current $_GET['user_id'] value in order to insert a query. But php just won't read $_GET['user_id'] value from the current URL address, like if it doesn't exist.

This is driving me crazy, since I don't know any other methods that can achieve the desired result which is following a user account.

Here's the piece of code, which is meant for explanation purposes only:

// PHP

<?php
require_once "db.php";

$query = "INSERT INTO followers(follower, following) ";
$query .= "VALUE('{$_SESSION['id_user']}','{$_GET['user_id']}' )";
$result = mysqli_query($connect_db, $query);

?>

// AJAX

<script>
    $('.js-follow_user_btn').click(function(){
            follow_unfollow_action();
        });


        function follow_unfollow_action(){

            $.ajax({
                type: 'POST',
                url: 'follow_user.php',
                success: function(data) {
                    alert('done');
                }
            });

        }
</script>
Ed91gg
  • 167
  • 1
  • 12
  • 4
    Because you're sending a post request. Use $_POST or change your request to GET in ajax. Also doesn't appear you're even sending any parameters. – Chad Aug 27 '18 at 17:31
  • 7
    You're also wide open to SQL injection. Learn to use parametrized queries instead of substituting variables. – Barmar Aug 27 '18 at 17:32
  • I think that's a typo problem, the question should be closed. – ths Aug 27 '18 at 17:33
  • @Barmar Thanks! The code is meant for demostration only, the code in the app is way secure! – Ed91gg Aug 27 '18 at 17:38
  • @Luminoslty It didn't work.. The thing is I want to read the GET parameter from php, not from JS. – Ed91gg Aug 27 '18 at 17:39
  • @Luminoslty I'm not sending parameters from JS, the user_id parameter is already in the current url address – Ed91gg Aug 27 '18 at 17:41
  • Did you try var_dump($_GET); and realize there are zero get values? Which would hint it is a javascript problem. Also, instead of alerts, you might try console.log, and open your console... a very useful tool. You might look at the network tab to see what you are sending and receiving from the server. – Andrew Aug 27 '18 at 17:44
  • @Andrew The alert is just to show something on success.. the real code of the app doesn't returns an alert. Plus, I've already played too much with my console to figure out what's happening, and I'm already checking my network tab on every request, it always returns 200... the query gets inserted into the db BUT the $_GET['user_id'] value from the current URL that the user is at... the value is THERE.. The procedure is, a user finds another user profile, and click on the "follow" button to start following THAT user, which user_id is set in the current URL. I don't know what it returns empty. – Ed91gg Aug 27 '18 at 17:54
  • 1
    Where is your data? – unixmiah Aug 27 '18 at 18:03
  • var dump $_GET, $_SESSION and $query right before $result, you should see your answer instantly. – Andrew Aug 27 '18 at 18:04
  • @unixmiah I'm not sending any data, I'm just requesting the PHP code to run whithout sending any data from JS. I'm trying to get PHP to read the GET value from the URL where the user is currently at, which it does exist. – Ed91gg Aug 27 '18 at 18:07
  • @Andrew I've done it, everything works but the $_GET.. I'm trying to read the $_GET value from the PHP file itself, not sending the value from JS – Ed91gg Aug 27 '18 at 18:08
  • @Ed91gg but you're running the js file first? you may need to pass in the GET from the first file that you're running to the PHP. – unixmiah Aug 27 '18 at 18:11
  • the query string is read from url: 'follow_user.php', not from the browser url. – Andrew Aug 27 '18 at 18:18
  • @Andrew thanks!! That's what I just figured out, just as some other pointed out on the answers! Can't believe it was something too simple. thank you! – Ed91gg Aug 27 '18 at 18:30

6 Answers6

2

First of all, you need to change your method from GET to POST, as people already pointed out.

Second, you need to actually specify the user_id parameter in the URL. Encode the parameter using the urlencode function:

<script>
    $('.js-follow_user_btn').click(function(){
            follow_unfollow_action();
        });


        function follow_unfollow_action(){

            $.ajax({
                type: 'GET',
                url: 'follow_user.php?user_id='.urlencode($user_id),
                success: function(data) {
                    alert('done');
                }
            });

        }
</script>

Remember to urldecode the parameter in your follow_user.php script.

José A. Zapata
  • 849
  • 4
  • 12
  • I'm trying to read the GET parameter from PHP. That parameter value is already set in the current URL where the user is currently at. Shouldn't PHP be able to read this? Or I should definitely send the parameter value from JS as you proposed? – Ed91gg Aug 27 '18 at 18:01
  • You should definitely send the parameter in the URL. PHP won't automatically pass variables from one request to another. – José A. Zapata Aug 27 '18 at 18:10
  • @Ed91gg AJAX requests are completely independent of the original page, none of the page's URL parameters are sent. – Barmar Aug 27 '18 at 19:41
2

You are trying to access the $_GET url param from the php file which isn't being run directly from the browser.

In order for you to use the value in your php ajax call you need to use this method to get the value

$.ajax({
    type: 'POST',
    url: 'follow_user.php',
    data: { user_id: user_id },
    success: function(data) {
        alert('done');
    }
});


//follow user
<?php
require_once "db.php";

$query = "INSERT INTO followers(follower, following) ";
$query .= "VALUE('{$_SESSION['id_user']}','{$_POST['user_id']}' )";
$result = mysqli_query($connect_db, $query);

?>
unixmiah
  • 2,808
  • 1
  • 8
  • 25
  • thank you very much, as someone just mentioned something like this earlier.. I now made my code work.. I was a bit messed up with something basic. thanks a lot! – Ed91gg Aug 27 '18 at 18:29
1

The PHP $_GET superglobal is populated with data from the query string of the URL requested (regardless of the HTTP method used to make the request).

This is the URL you are using:

url: 'follow_user.php',

There is no query string on it at all.

Possibly you are expecting it to copy the query string from the page hosting the JavaScript. It doesn't work like that, you need to provide the data explicitly.

A little aside:

You are inserting data into the database. You should be using a POST request for this (and you are) but you should be passing the data in the request body (otherwise you are very likely to accidentally create something that improperly responds to a GET request.

So first things first: Change the PHP to use $_POST instead of $_GET.

While you are editing it, your PHP is dangerously vulnerable to SQL injection attacks. You need to learn how to defend your code from them.

OK, so next you need to get the data from the query string of the current page.

You can read it in JavaScript. This answer explains a few approaches.

Once you have the data, you can put it in the request:

var user_id = (new URL(url_string)).searchParams.get("user_id");
// See the answer linked above to see how this works and for compatibility with old browsers

$.ajax({
    type: 'POST',
    url: 'follow_user.php',
    data: { user_id: user_id },
    success: function(data) {
        alert('done');
    }
});

… remember, this puts it in the request body so you'll need to read it with $_POST and not $_GET.

Quentin
  • 800,325
  • 104
  • 1,079
  • 1,205
  • What an answer! Thank you! Didn't quite know that GET superglobal will only listen to the requested URL string.. You saved my life! Can't believe I didn't see that, I feel like a noob. Thanks a lot for the whole answer!! – Ed91gg Aug 27 '18 at 18:22
0

Just change POST by GET in your code + pass the vars in data or in the URL

 $.ajax({
    type: 'GET',
    url: 'follow_user.php',
    data: { user_id: "XXXXXX"}
    success: function(data) {
        alert('done');
    }
 });

Or better ! Let POST in your JS code and get the var with $_POST + pass the data

Stéphane M
  • 124
  • 6
  • Already did that, and still doesn't work. PHP is not reading the GET parameter from the current url the user is at – Ed91gg Aug 27 '18 at 17:44
  • 1
    can you use this url: 'follow_user.php?user_id='.urlencode($user_id), in the url – unixmiah Aug 27 '18 at 18:08
-1

In your ajax request, you are using the POST method type, which will be received in php's $_POST superglobal. If you want to get it via get, change it to GET method type, but since you are sending information to your database, I believe you better stick with POST.

Semantically speakin in web slang POST is to "save" data and GET is to obtain resources.

Cheers!

Raziel Ravenheart
  • 44
  • 5
  • "you are using the POST method type, which will be received in php's $_POST " — That isn't really true. Which superglobals data is put into depends more on where the data is than the request method. The main problem is that the data isn't anywhere on the request at all. – Quentin Aug 27 '18 at 18:24
-1

Because you have type: 'POST', in ajax call, make it type: 'GET', or remove that line by default, the call is of GET method

Danyal Sandeelo
  • 11,068
  • 6
  • 37
  • 64
  • It still doesn't work.. I don't know why PHP is not reading the 'user_id' parameter in the current URL address that the user is currently at, which is the profile of someone else which is currently trying to follow. – Ed91gg Aug 27 '18 at 17:42
  • 1
    because you are not passing any parameter with user_id – Danyal Sandeelo Aug 27 '18 at 17:44
  • I'm not passing any parameters with JS.. The parameter is already set with a value. Once a user visits another user profile, the current url will contain the user_id parameter of THAT user.. Which I intend to use, but it stills return empty, which is not! :( – Ed91gg Aug 27 '18 at 17:57
  • you can do sth like this `url: 'follow_user.php?user_id='+JS_USER_ID_VAR_VALUE,` – Danyal Sandeelo Aug 27 '18 at 18:02