I send values from php to script
<img src=\"images/add.jpg\" onclick='add_program_user(".$value['id_program'].",".$value['min_age'].",".$value['max_age'].")' onmouseover=\"this.style.cursor='pointer'\" />
The script is:
function add_program_user(id_program){
var str="./add_program_user.php?p1="+id_program+"&p2="+min_age+"&p3="+max_age;
window.location=str;
}
What I would like to do is check in add_program_user.php if the user has the correct age range. My not working code is:
$query = "SELECT age FROM user WHERE user.mail = '".$_SESSION['logged_user_mail']."'";
$res = @mysqli_query($con,$select_query) or die('Error, query1 failed');
$num_res = mysqli_num_rows($res);
if($age< min_age || $age> max_age){
echo '<html><meta charset="UTF-8"><script language="javascript">alert("Wrong age range."); document.location="user_programs.php";</script></html>';
}
Any help? Thanks in advance.
I'd like to suggest some changes to the image section. This just simply makes it easier to read (IMO).
What I have done is to just wrap the array values in curly braces ({}) which means that you don't have to concatenate the string with the full stop, which I find easier to read. Note that it is only available when using the double quotes ".
So what that means is add_program_user(".$value['id_program']."," becomes add_program_user({$value['id_program']},
echo "<img src=\"images/add.jpg\" onclick=\"add_program_user({$value['id_program']}, {$value['min_age']}, {$value['max_age']})\" onmouseover=\"this.style.cursor='pointer'\" />";
My second note would be regarding your JavaScript function. As Patrick Manser said in the comments, you were only passing one argument to the function, but trying to get 3 from it. This is easily rectified by changing the function to the following.
function add_program_user(id_program, min_age, max_age) {
var str = "./add_program_user.php?p1=" + id_program + "&p2=" + min_age + "&p3=" + max_age;
window.location = str;
}
Finally, you didn't use the $ for the variable names (i.e. $min_age in the if statement).
So, I propose the following edits to the PHP script.
I'd also suggest using prepared queries in your future queries.
<?php
// store the get variables
$id_program = $_GET["p1"];
$min_age = $_GET["p2"];
$max_age = $_GET["p3"];
$query = "SELECT age FROM user WHERE user.mail = '{$_SESSION['logged_user_mail']}'";
$res = @mysqli_query($con, $query) or die('Error, query1 failed');
$num_res = mysqli_num_rows($res);
// ensure only one user is selected
if ($num_res == 1)
{
$age = mysqli_fetch_array($res, MYSQLI_ASSOC); // store the data
// check the age range
if ($age < $min_age || $age > $max_age)
echo '<html><meta charset="UTF-8"><script language="javascript">alert("Wrong age range."); document.location="user_programs.php";</script></html>';
}
?>