-1

I have set up a site where I display small panels that have some text and a download button on them. All of this data comes from the database through mysqli and I successfully printed it, but how do I make a button click open a link from the database, depending on which button was clicked?

SEE THIS IMAGE FIRST

THEN THIS

I'm developing a shop, by the way. So how do I achieve this? Here's my code also:

<?php
$query = "SELECT * FROM `combolist`";
$results = mysqli_query($db, $query);
if ($results)
{
    while($row = mysqli_fetch_array($results))
    {
        echo "<div class='panel panel-primary'>";
        echo "<div class='panel-heading'><span class='glyphicon glyphicon-list-alt'></span><b>&nbsp;".$row['comboTitle']."</b>&nbsp;&nbsp;&nbsp;".$row['comboDesc']."";
        echo "<form>
  <button type='submit' name='purchase' class='btn btn-default btn-block'>Download 2&cent;</button>
  </form><b>".$row['addedDate']."</b> - Added Date";
        echo "</div>";
        echo "</div>";
    }
}
?>

<?php
if (isset($_GET['purchase']))
{
    $inciar_sessiono = $_SESSION["username"];
    if ($credits > 2) {
        $credits--;
        $do_update = "UPDATE `users` SET credits='$credits' WHERE username='$inciar_sessiono'";
        $results = mysqli_query($db, $do_update);
        // ON SUCCESS OPEN LINK FROM DATABASE?
        echo '<script type="text/javascript">
                window.open("http://google.com");
            </script>';
    } else {
        echo " no funds";
    }
}
?>

<div class="panel panel-primary">
  <div class="panel-heading"><span class="glyphicon glyphicon-list-alt"></span> <b>Combolists
  </b> 
  <form>
  <button type="submit" name="purchase" class="btn btn-default btn-block">Download 2&cent;</button>
  
  </form>
  
  </div>
</div>
Dharman
CXMY TV
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Nov 12 '20 at 11:44
  • What's the solution? how do I make it safe – CXMY TV Nov 12 '20 at 11:57
  • This is the main resource on Stack Overflow for making it safe: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – halfer Nov 12 '20 at 12:53
  • Your code should probably determine if the user is signed in, before assuming that they are. Someone could visit that URL directly without being signed in, and the result would be malformed SQL, which causes a page crash. – halfer Nov 12 '20 at 12:55

2 Answers

1

If I understand your question correctly you need to identify which button the user is clicking on. If that is the case a hidden form field would be a good solution.

<input type="hidden" id="yourid" name="downloadlink_id" value="2">

Then you can use the value of the hidden field, in my case "2" and fetch the value using $_GET['downloadlink_id'] in a mysqli query to get the value and use it in a mysqli query.

Like this:

SELECT comboDownloadLink FROM table_name WHERE id=2

Edit: You can get the correct id and print it in your while-loop:

echo '<form>';
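echo '<input type="hidden" id="yourid" name="downloadlink_id" value="' . htmlspecialchars((string)$row["id"]) . '">'; // concatenate the id; inside single quotes it would be printed literally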
  • My pleasure! I added an example on how to echo out the hidden field. Remember to close your form . Just ask if you need more help. :-) – Thomas Gabrielsen Nov 12 '20 at 12:40
  • Hey Thomas, I forgot, it worked like a charm, thank you! – CXMY TV Nov 13 '20 at 05:25
  • My pleasure! When it comes to SQL injections I strongly recommend reading the resource in the link @halfer posted in the comment section to your question. PHP's mysqli_real_escape_string is not safe in every case, but it's still far better than nothing and it's very easy to implement. https://www.php.net/manual/en/mysqli.real-escape-string.php – Thomas Gabrielsen Nov 14 '20 at 12:09
0

So I suppose you have a link in your DB. You can link it with $row['comboDownloadLink']. So now if you want to add it to the button you can place the button into an <a> tag like <a href='".$row['comboDownloadLink']."' target='_blank'><button ... > </a>. Now it's redirecting your user to a blank page and starting the download.

Zyycyx
  • Happens :) If you're stuck get away from the problem for 10-20 minutes. Do something else. – Zyycyx Nov 12 '20 at 12:00
  • But wait, because I have credits and the download costs -2 credit for each download, how do I do that – CXMY TV Nov 12 '20 at 12:15
  • You can redirect them to something like "download.php?file=#", add the price to the DB record, and that page is going to check it and make the "transaction" for the user. If the transaction is finished the download will start (you can do it with a header(location: ...) in PHP); if there's a lack of credit or an error you can print that out too on download.php. – Zyycyx Nov 12 '20 at 13:04
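
The pieces discussed in this thread (the hidden-field id, the sign-in check, the credit charge and the `download.php` redirect) put together with prepared statements, as an added example that is not code from any poster. The `db.php` include, the `id` column and the table layout are assumptions; `comboDownloadLink`, `credits`, `username` and `downloadlink_id` are taken from the posts.

```php
<?php
// download.php: added example, not code from the thread.
// Assumed schema: combolist(id, comboDownloadLink), users(username, credits).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
session_start();
require 'db.php'; // hypothetical include that creates the mysqli connection $db

const PRICE = 2; // credits per download, as on the button in the question

// Refuse anonymous requests instead of assuming a session exists.
if (empty($_SESSION['username'])) {
    http_response_code(401);
    exit('Please sign in first.');
}
$username = $_SESSION['username'];

// The hidden field must be a positive integer and nothing else.
$id = filter_input(INPUT_GET, 'downloadlink_id', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if (!$id) {
    http_response_code(400);
    exit('Invalid item.');
}

// Bound parameter: the id is sent as data, never spliced into the SQL text.
$stmt = $db->prepare('SELECT comboDownloadLink FROM combolist WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$item = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
if (!$item) {
    http_response_code(404);
    exit('Item not found.');
}

// Balance check and deduction in one statement, so parallel requests
// cannot spend the same credits twice.
$price = PRICE;
$stmt = $db->prepare(
    'UPDATE users SET credits = credits - ? WHERE username = ? AND credits >= ?');
$stmt->bind_param('isi', $price, $username, $price);
$stmt->execute();
if ($stmt->affected_rows !== 1) {
    exit('No funds.');
}

// The target comes from the database row, not from the request.
header('Location: ' . $item['comboDownloadLink']);
exit;
```

A purchase changes state, so it is better sent as a POST with a CSRF token; GET is used here only to match the form in the question.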