Oh, I eventually changed it to this; it seems to work, although I'm not sure whether it's completely secure.
PHP
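<?php
// Renders one HTML fragment per review for the shop identified by ?id=, paged by
// ?offset= and ?limit=. Fetched via AJAX by the reviews page; prints nothing when
// either paging parameter is missing.
if (isset($_GET['offset'], $_GET['limit'])) {
    // LIMIT/OFFSET are interpolated into the SQL below (binding them as strings
    // breaks under emulated prepares), so they must be integers: the casts here are
    // what keep the query injection-safe. The cap on $limit stops one request from
    // pulling the whole table; negative offsets are a MySQL syntax error.
    $limit  = max(1, min((int) $_GET['limit'], 100));
    $offset = max(0, (int) $_GET['offset']);
    // The id only ever travels as a bound parameter, so no string sanitising is
    // needed (FILTER_SANITIZE_STRING is deprecated since PHP 8.1 anyway);
    // a non-string value such as ?id[]=1 is treated as "no id".
    $business = is_string($_GET['id'] ?? null) ? $_GET['id'] : '';

    require("classes/Database.php");
    $db = new Database;

    // NOTE(review): `s.adressId = s.adressId` compares the column with itself and is
    // always true, so every review row is joined to the address regardless of which
    // shop it belongs to; the join should use the reviews-side key column — verify
    // against the schema before changing it.
    $query = "SELECT s.town, s.street, s.streetNumber, s.region, s.postcode, s.businessName,
        s.business, s.adressId, s.town, r.userId, r.review, r.reviewTitle, s.phone, s.lat, s.lon, u.username,
        u.profileImgPath
        FROM shopAddress AS s
        INNER JOIN reviews AS r ON s.adressId=s.adressId
        INNER JOIN users AS u ON r.userId=u.userId
        WHERE s.adressId = :business LIMIT {$limit} OFFSET {$offset}";
    $s = $db->prepare($query);
    $s->bindValue(':business', $business);
    $s->execute();
    foreach ($s as $review) {
        // Explicit ENT_QUOTES: profileImgPath lands inside a double-quoted attribute,
        // and the defaults differ between PHP versions.
?>
<section class="user-review">
<div class="review-profile"><a href="#"><img src="../../../<?php print htmlspecialchars($review['profileImgPath'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" alt="user profile image"></a></div>
<div class="user-rating"><div class="rating"></div></div>
<div class="review-username"><a href="#"><?php print htmlspecialchars($review['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></a></div>
<p class="review-output"><?php print htmlspecialchars($review['review'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
</section>
<?php
    }
}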
Ajax
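<script type="text/javascript">
$(document).ready(function(){
    // Reviews requested per page. The offset advances by the same amount so that
    // consecutive pages do not overlap (the previous version stepped by 6 while
    // fetching 8, which appended the last two reviews of every page twice).
    var pageSize = 8;
    var flag = 0;          // offset of the next page to request
    var loading = false;   // true while a request is in flight; scroll fires repeatedly
    var done = false;      // set once the server returns an empty page
    // json_encode yields a valid JS string literal; the JSON_HEX_* flags keep
    // "</script>", quotes and ampersands in ?id= from breaking out of this script.
    var getid = <?php echo json_encode(is_string($_GET['id'] ?? null) ? $_GET['id'] : '', JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP); ?>;

    // Fetches the page starting at `flag` and appends it to the reviews section.
    // Does nothing while a request is pending or after the last page was reached.
    function loadReviews(){
        if (loading || done) {
            return;
        }
        loading = true;
        $.ajax({
            type: "GET",
            url: "get_records.php",
            data: {
                id: getid,
                'offset': flag,
                'limit': pageSize
            },
            success: function(data){
                if (String(data).trim() === '') {
                    done = true;   // no more reviews for this shop
                    return;
                }
                $('.reviews-section').append(data).fadeIn(1000);
                flag += pageSize;
            },
            complete: function(){
                loading = false;
            }
        });
    }

    loadReviews();
    $(window).scroll(function(){
        if($(window).scrollTop() >= $(document).height() - $(window).height()){
            loadReviews();
        }
    });
});
</script>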