Hey I have a problem…
I would like to when a user has shared a link from my facebook app, that i get his id into my db.
The way i share the link is via the facebook dialog javascript example that i have modified
The sharing javascript code
<script>
FB.init({appId: 'xxxx', channelUrl: 'xxxx', status: true, cookie: true});
function postToFeed() {
// calling the API ...
var obj = {
method: 'feed',
link: 'https://developers.facebook.com/docs/reference/dialogs/',
picture: 'http://fbrell.com/f8.jpg',
name: 'Facebook Dialogs',
caption: 'Reference Documentation',
description: 'Using Dialogs to interact with users.'
};
function callback(response) {
xmlhttp=new XMLHttpRequest();
xmlhttp.onreadystatechange=function(){
if (xmlhttp.readyState==4 && xmlhttp.status==200){
document.getElementById('msg').innerHTML = "Post ID: " + response['post_id'];
document.getElementById('post').style.display = "none";
}
}
xmlhttp.open("POST","shared.php",true);
xmlhttp.send("id=xxx");
}
FB.ui(obj, callback);
}
</script>
The PHP Code
$con = mysqli_connect("xxxx","xxx","xxx","xxx");
if (!$con) {
die('Could not connect: ' . mysql_error());
};
mysqli_query($con, "INSERT INTO xxx (fb-id) VALUES (".$_POST['id'].")");
mysqli_close($con)
When I have shared the link I get the post_id, but the nothing in the db ?
Can anybody tell whats wrong ?
Invalid field name:
That looks like two fields being subtracted, not a single field. You’ll probably want to escape it with backticks to force seeing it as a single field name:
In the greature picture, you’ve got a major gaping SQL injection hole. Stop working on this code and learn about how to avoid this problem before someone destroys your server.
You’re also assuming the query succeeded, which is a bad thing to do. You’ve got error handling on the connect() call, but nowhere else. NEVER EVER assume a query has succeeded. Always check for errors afterwards.