PDA

View Full Version : Jquery to post to database



Deadweight
11-13-2013, 11:04 PM
I am currently using jquery and ofc php to post to a database. However, i dont know what im doing wrong.

here is my html:

<div id="output"><input type="text" id="username" /><span class="info"></span></div>

<div id="check"></div>

<div id="button">Register</div>

here is my Jquery:

$(document).on("click", "#button", function(){
var info = $('#username').val();
$.ajax({
type: 'POST',
url: 'save.php',
data: {username:info},
//dataType: 'html',
success: function(){
alert(info);
}
});
});

And here is my php:

$server = $_SERVER['HTTP_HOST'];
$user = "root";
$pass = "";
$db = "landr";

$table = "reg";

$con = mysqli_connect($server,$user,$pass, $db) or die('Failed to connect!');

$name = $_POST['username'];

if(mysql_query("INSERT INTO $table VALUES('$name')"))
echo "Successfully Inserted";
else
echo "Insertion Failed";

I am able to grab the information from the database i am just not able to upload the information to the database. Does anyone know my problem?
Thanks

traq
11-14-2013, 02:39 AM
Three things:

1. Have you checked that the value of $_POST['username'] is what you expect?

Likewise, since your query is failing, have you checked what error message is being returned from the DB?

2. Your code is vulnerable to SQL Injection Attacks and/or unintentional errors. Never place user input directly in an SQL query!

3. The mysql_* functions are deprecated (observe, the pink box of doom (http://php.net/mysql_connect)). If at all practical, you should use mysqli (http://php.net/mysqli) or PDO (http://php.net/pdo).

Deadweight
11-14-2013, 02:43 AM
1) im trying to send the jquery information to php without reloading the page.
2) You dont see all of my coding actually
3) I forgot to change that to mysqli. thanks for the reminder

traq
11-14-2013, 02:52 AM
I hope my post above didn't come off as too "blunt." I mean to be constructive, here. :)


1) im trying to send the jquery information to php without reloading the page.
Right - but you're still sending a response, so -during development at least- include the value and/or error message with the failure response.


2) You dont see all of my coding actually
I see

$name = $_POST['username'];
and

if(mysql_query("INSERT INTO $table VALUES('$name')"))
right next to each other. If you simply omitted a line from your example for some reason, then I'm glad to hear you've got it covered. Either way, it bears mentioning.

Deadweight
11-14-2013, 08:52 AM
The problem is that I can not check the value that is being sent. I'm trying to send a value from JQuery to PHP under the value $_POST['username'] getting the value from the id='username'

JQuery grabs the value from text box username then it sends the value that it has taken and send to save.php as $_POST['username'].
I dont know if that makes sense.

It still connects to the mysqli_queue because it pops out the value. I guess one thing i can do to check if it works or the error message is echo as json and make the json print out onto the page.

Also, i used JQuery to check the validation of the textbox. You will not be able to hit the button unless everything is correct.

traq
11-14-2013, 08:07 PM
The problem is that I can not check the value that is being sent. I'm trying to send a value from JQuery to PHP under the value $_POST['username'] getting the value from the id='username'

JQuery grabs the value from text box username then it sends the value that it has taken and send to save.php as $_POST['username'].
I dont know if that makes sense.

It still connects to the mysqli_queue because it pops out the value. I guess one thing i can do to check if it works or the error message is echo as json and make the json print out onto the page.
Exactly.

Did you try? What was the error?


Also, i used JQuery to check the validation of the textbox. You will not be able to hit the button unless everything is correct.
Of course I could.

JavaScript is for convenience, not security. Your javascript code runs on the user's browser and is under the complete control of the user. It can be changed, it can be turned off. I could even make my own form and submit it to your script myself, without even needing to visit your website. You always need to validate and sanitize user input on the server.

djr33
11-15-2013, 12:05 AM
...I could even make my own form and submit it to your script myself, without even needing to visit your website. ...As far as I know, that's what bots do most of the time, for example.