How to obtain $_REQUEST['id'] and other fields using JSEDITABLE

Question

I am using jseditable to edit the fields of a database. I have 2 files: seg.php and upd_seg.php. In the seg.php I have the following code:

echo "<span class=\"edit_text\">$col_value and id=".$_REQUEST["id"].</span>";

With the script:

$('.edit_text').editable('upd_seg.php', {

            type : 'textarea',

            submit : 'OK',

            tooltip : 'Click to edit...'

            });

For now, all it runs without errors,and the output of seg.php is: "Hello World and id = 25"

The problem is here, on upd_seg. This is the code:

<?
$sql_update_seg = "UPDATE table_seg set inf=".$_POST['value']." where id=".$_REQUEST["id"];

echo "<script>alert('".$sql_update_seg."')</script>";

?>

When I click the text and select "ok", is shows "UPDATE table_seg set inf=HelloWorld_2 where id="

How can I get the $_REQUEST["id"] for upd_seg.php to run without errors?

Answer 1

You can send variables:

$id = $_REQUEST["id"];

$('.edit_text').editable('upd_seg.php', {

        type : 'textarea',

        submit : 'OK',

        submitdata : {id: '<?=$id_seg?>', values: '<?=$col_value?>'}

        tooltip : 'Click to edit...'

        });

And obtain the variables on updt_seg.php

<?
$sql_update_seg = "UPDATE table_seg set inf=".$_REQUEST['values']." where id=".$_REQUEST["id"];

echo "<script>alert('".$sql_update_seg."')</script>";

?>

Answer 2

If those two lines are your entire upd_seg.php then all you are doing is returning a string literal and not performing a database query.

$sql_update_seg = "UPDATE table_seg set inf=".$_POST['value']." where id=".$_REQUEST["id"];

// instantiate mysqli
$mysqli = new mysqli(...

if (mysqli_query($mysqli, $sql_update_seg) !== false) {
    // return something useful
} else {
    // return some error info
}

Note: I do not suggest using this exact code in your application as it is not safe. This is just a general idea of what needs to be done.