将SQL查询与jquery变量一起使用

Question

So I am trying to do an history for my site but when i do the query select with the jquery variable it doesn't work. HERE is the table that shows the values from db and here is the pop up box that opens to show details but I want to show the values from each row that I click

Here is the jquery code:

var idocorrencia;
$(document).on("click","#listagem tr td a", function(e){
e.preventDefault();
idocorrencia = $(this).parent().attr("idlista");
$("#listagem caption").text($(this).text());
console.log(idocorrencia);
alert(idocorrencia);
$.post( "historico.php", { idoc: idocorrencia })

   $.ajax({
   method:"POST",
   url:"historico.php",
   data:{idoc : "idlista"},
   dataType: 'json',
       });
   });      

Here is the php:

$id = $_POST['idoc'];
$result = mysqli_query($conn, "SELECT id FROM ocorrencia where id=$id");
$row = mysqli_fetch_assoc($result);
$idoc = isset($_POST['idoc']) ? $_POST['idoc'] : $row['id']; 

Answer 1

Try to do it like this:

if (isset($_POST['idoc'])) {
    $id = $_POST['idoc'];
    $result = mysqli_query($conn, "SELECT id FROM ocorrencia where id='" . mysqli_real_escape_string($conn, $id) . "'");
    if($result!==false && mysqli_num_rows($result)>0){
        $row = mysqli_fetch_assoc($result);
        $idoc = $row['id'];
    }
}

UPDATE

and here is the same script with prepared statements:

if (isset($_POST['idoc'])) {
    $statement = mysqli_prepare($conn, "SELECT id FROM ocorrencia where id=?");
    mysqli_stmt_bind_param($statement, 's', $id);
    $id = $_POST['idoc'];
    mysqli_stmt_execute($statement);
    $result = mysqli_stmt_get_result($statement);
    if ($result !== false && mysqli_num_rows($result) > 0) {
        $row = mysqli_fetch_assoc($result);
        $idoc = $row['id'];
    }
}

Here I have used procedural style, as the original script was like that. But it can be easily rewritten in object oriented style.