I'm trying to open a video that corresponds to the thumbnail that was clicked. However when I'm directed to the page in which the video is supposed to appear, I get an error,
Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'SELECT v_id FROM video WHERE image_name = \'$image_name\'\') ?>'
below is the page where the image is clicked,
<?php
$query=mysqli_query($link, "SELECT * FROM video ORDER BY RAND() LIMIT 5");
while($all_video=mysqli_fetch_array($query))
{
?>
<a href="watchScreen.php? $v_id=mysqli_query($link, \'SELECT v_id FROM video WHERE image_name = \'$image_name\'\') ?>" onclick="open()" ><image src="thumbnails/<?php echo $all_video['image_name']; ?>" id="img" width="300" height="200"/></a>
<script type="text/javascript">
function open() {
var nameImg = document.getElementById("img").src;
nameImg = "<?php $image_name ?>";
}
</script>
<?php } ?>
Newxt is the watchScreen.php,
<?php
include "config.php";
session_start();
$_SESSION['v_id']=$_GET['$v_id']
$vid_id = $_SESSION['v_id'];
$myquery=mysqli_query($link, "SELECT video_name FROM video WHERE v_id=$vid_id");
while($my_video=mysqli_fetch_array($myquery))
{
?>
<video width="60%" height="60%" style="background-color:#585858; border: 4px solid darkorange; border-radius:20px;" controls>
<source src="uploads/<?php echo $play_vid['video_name']; ?>" type="video/mp4">
</video>
<?php } ?>
Below is the mySQL table,
CREATE TABLE video(
v_id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
video_name VARCHAR(225) NOT NULL,
id INT NOT NULL,
FOREIGN KEY user_id(id)
REFERENCES users(id)
ON DELETE CASCADE,
n_views INT,
image_name VARCHAR(225) NOT NULL
);
I'm now trying to figure out how I can send the name of the clicked image to watchScreen.php.
I'd suggest, if I understood correctly, perhaps trying an approach like the following.
So it appears you simply need to send the vid value in the request to watchScreen.php which you obtain in the initial query. As the query returns all columns you can pick and choose which columns/fields you include in the HTML quite easily without the need for the erroneous query you had before.
<?php
$query=mysqli_query($link, "SELECT * FROM video ORDER BY RAND() LIMIT 5");
while($all_video=mysqli_fetch_array($query)){
printf('
<a href="watchScreen.php?$v_id=%d" onclick="open(event)">
<img src="thumbnails/%s" width=300 height=200 />
</a>',
$all_video['v_id'],
$all_video['image_name']
);
}
?>
<script>
/*
The `open` function doesn't actually do anything as it was...
Also, every ID MUST be unique... but there is no need to
assign an ID in this case as the image is a direct child
of the `a` so can be accessed in a number of ways.
*/
function open(e){
var img = e.target.querySelector('img');
alert( img.src );
}
</script>
To process the request, because it has user input ( GET ), you really, really, really should use a prepared statement to try to avoid SQL injection attacks.
<?php
session_start();
include "config.php";
if( !empty( $_GET['$v_id'] ) ){
$vid = $_SESSION['v_id'] = $_GET['$v_id'];
$sql='SELECT video_name FROM video WHERE v_id=?';
$stmt=$link->prepare( $sql );
$stmt->bind_param('i', $vid );
$res=$stmt->execute();
if( $res ){
$stmt->store_result();
$stmt->bind_result( $videoname );
$stmt->fetch();
/* a literal `%` in either `printf` or `sprintf` should be escaped with another `%` ... */
printf('
<video width="60%%" height="60%%" style="background-color:#585858; border: 4px solid darkorange; border-radius:20px;" controls>
<source src="uploads/%s" type="video/mp4">
</video>
', $videoname );
}
} else {
exit('missing ID');
}
?>
None of the above has been tested so you may find some errors ( hopefully not too many though ) - hope it'll help