0

I want to send a javascript variable to a php file. What I would like to know is could you do it via this method?

jQuery:

    Var UserName;
    UserName = John;
    $.post("InsertRunInfo.php", { UserName: UserName } );

Pass to php:

    <?php
    $con = mysql_connect("*****","*****","");
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }

    mysql_select_db("runtracker", $con);


    $sql="INSERT INTO userinfo (UserName)
    VALUES
    ('$_POST[UserName]')";

    if (!mysql_query($sql,$con))
      {
      die('Error: ' . mysql_error());
      }
    echo "1 record added";

    mysql_close($con);
    ?>
Matt Jameson
  • 217
  • 1
  • 8
  • 21
  • 7
    I can already see all the whining about mysql injection... – Vultour Dec 08 '12 at 21:20
  • 1
    I hope that you correct the XSS vulnerabilities before this goes live... – Joseph at SwiftOtter Dec 08 '12 at 21:20
  • Guys, this is for my learning, it's not going live. I just need some guidance – Matt Jameson Dec 08 '12 at 21:21
  • @MattJameson, then learn about [`SQL injection`](http://en.wikipedia.org/wiki/SQL_injection). It doesn't matter that your code isn't going live. But if it does some day (hopefully some day you will write code that goes live) and you don't know what SQL injection is, people might get hurt. – Darin Dimitrov Dec 08 '12 at 21:22
  • 1
    By the way, what is the question? Is the code provided not working? – Vultour Dec 08 '12 at 21:23
  • what you are doing is right but in your PHP you need to add quotes to the Post variable: $_POST['UserName'] – ewein Dec 08 '12 at 21:23
  • Just would like to send a javascript variable to a php form. I will learn about SQL injection also. – Matt Jameson Dec 08 '12 at 21:24
  • @ewein {$_POST['username']} there are already ' quotes – Vultour Dec 08 '12 at 21:24
  • John will probably throw an undefined error – jtheman Dec 08 '12 at 21:24
  • @MattJameson, if you want to learn that, did you do some research beforehand? First hit on google: http://stackoverflow.com/questions/5004233/jquery-ajax-post-example – Darin Dimitrov Dec 08 '12 at 21:26
  • @ewein yes there are, in fact even if they weren't there they must be, as he is inserting a string into the database – Vultour Dec 08 '12 at 21:27
  • This is what I see: $sql="INSERT INTO userinfo (UserName) VALUES ('$_POST[UserName]')"; Should be something like: $sql="INSERT INTO userinfo (UserName) VALUES ('" . $_POST['UserName'] . "')"; – ewein Dec 08 '12 at 21:29
  • @ewein or you can omit the string concat and just put curly brackets around the $_POST['UserName'] – Vultour Dec 08 '12 at 21:30
  • yes but you still need the quotes around the UserName – ewein Dec 08 '12 at 21:31
  • 1
    @ewein, he needs many things. For example he needs to understand that javascript is a case sensitive language, so `Var UserName;` is not the same as `var UserName;`. He also needs to understand that `UserName = John;` is invalid javascript unless `John` is a javascript variable that has been defined previously. He probably meant `UserName = 'John';`. He needs to read tutorials about [`jquery`](http://jquery.com/) and how to get started with AJAX. – Darin Dimitrov Dec 08 '12 at 21:41

1 Answer

0

You can use jQuery .load() if you want to post data to your PHP file, and your message "1 record added" will be loaded on the same page from which you posted the data.

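       <script type='text/javascript'>
         $('#formid').submit(function (e) {
               // Stop the normal form submission so the page does not reload
               e.preventDefault();
               // Passing an object as data makes .load() send a POST request
               $('#message_div').load("processinfo.php", {UserName: $('#username_input_box_id').val()});
         });
       </script>
      <?php
       // your processinfo.php can retrieve the posted data

       // secure and secureSuperGlobalPOST() are not defined in this answer;
       // they stand for a sanitising helper class you provide yourself
       $var = new secure();
       $usernam = $var->secureSuperGlobalPOST('UserName');

        //your rest of code
     ?>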
sven
  • 775
  • 5
  • 14
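
The SQL injection concern raised in the comments, shown as an added example (not code from the question or the answer): the question's interpolated INSERT next to a PDO prepared statement. It assumes an in-memory SQLite database in place of the page's MySQL server so that it runs offline; the function names and the 64-character limit are hypothetical.

```php
<?php
// Assumption: in-memory SQLite stands in for the page's MySQL "runtracker"
// database so this runs offline; userinfo/UserName are from the question.
function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE userinfo (UserName TEXT NOT NULL)');
    return $pdo;
}

// The question's pattern: the POST value is pasted into the SQL text.
function insertInterpolated(PDO $pdo, array $post): string
{
    try {
        $pdo->exec("INSERT INTO userinfo (UserName) VALUES ('$post[UserName]')");
        return 'interpolated: inserted';
    } catch (PDOException $e) {
        return 'interpolated: query broke, the value was parsed as SQL';
    }
}

// Hardened form: validate the field, then bind it as a parameter.
function insertPrepared(PDO $pdo, array $post): string
{
    $name = $post['UserName'] ?? '';
    // The 64-character limit is a hypothetical policy, not from the page.
    if (!is_string($name) || $name === '' || strlen($name) > 64) {
        return 'prepared: rejected';
    }
    $stmt = $pdo->prepare('INSERT INTO userinfo (UserName) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return 'prepared: inserted';
}

// Constructed sample input: an ordinary name that contains a quote.
$post = ['UserName' => "O'Brien"];
$pdo  = openDb();

echo insertInterpolated($pdo, $post), PHP_EOL;
echo insertPrepared($pdo, $post), PHP_EOL;
echo insertPrepared($pdo, []), PHP_EOL; // field missing from the request

// Escape stored values when writing them back into HTML.
foreach ($pdo->query('SELECT UserName FROM userinfo') as $row) {
    echo htmlspecialchars($row['UserName'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

Against MySQL the same `prepare()` and `execute()` calls apply; only the PDO DSN and credentials change.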