I am making a system and have a part that will mess with boleto bancário. For security / privacy one user can not see the other's ticket. I make a check every time he accesses this page to see if it has any relation to that ticket ID.
Thinking about this I was going to do for GET but it would be bad because I could change the ID and access the others. So I did it for AJAX but it is not working. I want to pass the ID, load the page and show the ticket . I'm using BOLETOPHP, a ready-made project.
My AJAX Requirement
$(document).on('click', '#getBoleto', function(e) {
e.preventDefault();
var uid = $(this).data('id');
var href = $(this).attr('href');
$.ajax({
url: 'gerarBoleto.php',
type: 'POST',
data: {
id: uid
},
dataType: 'html'
}).done(function() {
window.open(href, '_blank');
});
});
PHP:
$sqlQuery = $pdo->prepare("SELECT tipe, banco, dv_agencia, agencia, dv_conta, conta, carteira, numeroBoleto FROM tbl_contaBanco WHERE id_Boleto = ?");
$sqlQuery->bindValue(1, $id);
$sqlQuery->execute();
$row = $sqlQuery->fetch(PDO::FETCH_ASSOC); // Ai eu faço os outros cálculos etc... e quero mostra o boleto
ero shows the ticket
How do I show the ticket at the end of loading? Where should you go wrong?