0

Hi there, I'm trying to create a button that toggles an SQL query. I have a navigation bar with certain elements hidden by the admin; the admin can preview the page, and there's a toggle button to hide or show the items that are marked as hidden.

            $sql = "select href, pageid, navname, name, url from tblpage where hide<>1 and parentid=-1 and (project=0 or project is NULL) order by disorder";
            if($_SESSION["userid"] > 0){
            ?>
                <a class="navtoggle" href="javascript:"><img class="navtogimg" src="http://<?=DOMAIN?>/cms_content/images/navshow.png" width="177" height="86" alt="show hidden navigation items" /></a>

            <?php
                $sql = $_POST['sql'];
            }
            $sqlstmtt = $GLOBALS["db1"]->prepare($sql); 
            $sqlstmtt->execute();

My idea was to toggle the button image with jQuery and change the $sql variable. Of course, client side vs. server side and all that, I found out I need to use Ajax. That led me to creating this function, but seeing as it doesn't seem to work properly I must have done something wrong.

            $(document).ready(function(){
                $(".navtoggle").toggle(function(){
                    $(".navtogimg").attr("src","http://<?=DOMAIN?>/cms_content/images/navhide.png");
                    $.post("top.php", { sql: "select href, pageid, navname, name, url from tblpage where and parentid=-1 and (project=0 or project is NULL) order by disorder" });

                },function(){

                    $(".navtogimg").attr("src","http://<?=DOMAIN?>/cms_content/images/navshow.png");
                    $.post("top.php", { sql: "select href, pageid, navname, name, url from tblpage where hide<>1 and parentid=-1 and (project=0 or project is NULL) order by disorder" });
                })

             });

Edited by dyingatmidnight

0

The post is probably fine, but your JavaScript will have to capture and display the output from the post.

            $.post("top.php", { sql: "..." }, function(data){ /* process the result here */ });

0

From a security standpoint, you should never reveal DB structure client-side.

When you load the page, establish if the user is logged in as admin, then in the JavaScript you can hide and reveal the items using `$(".adminclass").css({"display":"none"});` and `$(".adminclass").css({"display":"block"});` according to a local JavaScript variable value which is toggled programmatically and dependent upon the value passed in to indicate if the user is admin or not!

Pressing the button calls the javascript function that updates the toggled status flag and hides or shows the items.

Edited by plane007: spelling
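
The approach from the reply above, as an added example that is not code from the thread: both query strings stay on the server, the session alone decides which one runs, and hidden rows are tagged with the `adminclass` class that the client-side toggle shows or hides. The in-memory SQLite database (standing in for the asker's `$GLOBALS["db1"]`), its sample rows, and the helper names `fetch_nav` and `render_nav` are assumptions made for illustration.

```php
<?php
// Added example. The two query strings are fixed on the server; nothing from
// $_POST or $_GET is ever used as SQL.
const NAV_COLS = 'select href, pageid, navname, name, url, hide from tblpage where ';
const NAV_TAIL = 'parentid=-1 and (project=0 or project is NULL) order by disorder';
const NAV_VISIBLE = NAV_COLS . 'hide<>1 and ' . NAV_TAIL;
const NAV_ALL = NAV_COLS . NAV_TAIL;

// fetch_nav() is a hypothetical helper: hidden rows are returned only for a
// logged-in user, mirroring the asker's $_SESSION["userid"] > 0 check.
function fetch_nav(PDO $db, array $session): array
{
    $isAdmin = (int)($session['userid'] ?? 0) > 0;
    $stmt = $db->prepare($isAdmin ? NAV_ALL : NAV_VISIBLE);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// render_nav() is a hypothetical helper: hidden items get the "adminclass"
// class so the client only has to switch their CSS display value.
function render_nav(array $rows): string
{
    $html = "<ul>\n";
    foreach ($rows as $row) {
        $class = (int)$row['hide'] === 1 ? ' class="adminclass"' : '';
        $html .= sprintf("  <li%s><a href=\"%s\">%s</a></li>\n", $class,
            htmlspecialchars((string)$row['href'], ENT_QUOTES),
            htmlspecialchars((string)$row['navname'], ENT_QUOTES));
    }
    return $html . "</ul>\n";
}

// Constructed sample data: one visible page and one hidden page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('create table tblpage (href text, pageid integer, navname text, name text,
           url text, hide integer, parentid integer, project integer, disorder integer)');
$db->exec("insert into tblpage values
    ('/home', 1, 'Home', 'home', '/home', 0, -1, 0, 1),
    ('/draft', 2, 'Draft', 'draft', '/draft', 1, -1, NULL, 2)");

echo "visitor:\n", render_nav(fetch_nav($db, []));                // Home only
echo "admin:\n", render_nav(fetch_nav($db, ['userid' => 7]));     // Home and Draft
```

Because the visitor response never contains the hidden rows, the client-side toggle is only a display convenience for the admin and not the access control itself.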

0

Thanks a lot. I got it working and all without passing the DB info to the client side, so ya for that.
