what's lacking on this ajax insert code?

Question

function ajaxFunction(){

    var ajaxRequest;  

    try{

        ajaxRequest = new XMLHttpRequest();
    } catch (e){

        try{
            ajaxRequest = new ActiveXObject("Msxml2.XMLHTTP");
        } catch (e) {
            try{
                ajaxRequest = new ActiveXObject("Microsoft.XMLHTTP");
            } catch (e){

                return false;
            }
        }
    }
    // Create a function that will receive data sent from the server
    ajaxRequest.onreadystatechange = function(){
        if(ajaxRequest.readyState == 4){

        //message
            var ajaxDisplay = document.getElementById('Regmessage');
            ajaxDisplay.innerHTML = ajaxRequest.responseText;


        }
    }
    var firstname = document.getElementById("firstname").value;

    var lastname = document.getElementById("lastname").value;

    var mi= document.getElementById("middle_id").value;

    var date = document.getElementById("inputField").value;

    var family =  document.getElementById("family_id").value;

    var addressv = document.getElementById("address_id").value;

    var city =  document.getElementById("city_id").value;

    var country = document.getElementById("country").value;

    var state  = document.getElementById("stateplace").value;

    var phone = document.getElementById("phonenums").value;

    var email =  document.getElementById("emailme").value;

    var insert_String = "?firstname=" + firstname + "&lastname=" + lastname + "&mi=" +

mi +"&date="+ date + "&family="+ family + "&address_id=" + addressv + "&city=" + city +  

"&country=" + country +  "&state=" + state + "&phone=" + phone + "&email=" + email ;

    ajaxRequest.open("GET", "insert.php" + insert_String, true);

    ajaxRequest.send(null); 
}

in insert.php i do it this way.it will work but when i save it they will run 1 by 1

<?php

error_reporting(0);

require_once('dataconnect.php');


if(isset($_GET['submit']))
{

$firstname= filter_input(INPUT_GET,"firstname", FILTER_SANITIZE_SPECIAL_CHARS);

$firstname = $_GET['firstname'];

$lastname= filter_input(INPUT_GET,"lastname", FILTER_SANITIZE_SPECIAL_CHARS);

$lastname = $_GET['lastname'];

$mi= filter_input(INPUT_GET,"mi", FILTER_SANITIZE_SPECIAL_CHARS);

$mi = $_GET['mi'];

$date= filter_input(INPUT_GET,"date", FILTER_SANITIZE_SPECIAL_CHARS);

$date = $_GET['date'];

$familyv= filter_input(INPUT_GET,"family", FILTER_SANITIZE_SPECIAL_CHARS);

$familyv = $_GET['family'];

$addressv= filter_input(INPUT_GET,"address_id", FILTER_SANITIZE_SPECIAL_CHARS);

$addressv =$_GET['address_id'];

$city= filter_input(INPUT_GET,"city", FILTER_SANITIZE_SPECIAL_CHARS);

$city=$_GET['city'];

$country= filter_input(INPUT_GET,"country", FILTER_SANITIZE_SPECIAL_CHARS);

$country=$_GET['country'];

$state= filter_input(INPUT_GET,"state", FILTER_SANITIZE_SPECIAL_CHARS);

$state=$_GET['state'];

$state= filter_input(INPUT_GET,"phone", FILTER_SANITIZE_SPECIAL_CHARS);

$phone=$_GET['phone'];

$state= filter_input(INPUT_GET,"email", FILTER_SANITIZE_SPECIAL_CHARS);

$email=$_GET['email'];


$firstname = mysql_real_escape_string($firstname);

$lastname = mysql_real_escape_string($lastname);

$mi = mysql_real_escape_string($mi);

$date = mysql_real_escape_string($date);

$familyv = mysql_real_escape_string($familyv);

$addressv= mysql_real_escape_string($addressv);

$city = mysql_real_escape_string($city);

$country = mysql_real_escape_string($country);

$state = mysql_real_escape_string($state);

$phone = mysql_real_escape_string($phone);

$email = mysql_real_escape_string($email);
}

$reg="INSERT INTO `tokopals_db`.`robz_customers` (`firstname`, `lastname`, `mi`, `date`, 

`familymember`, `address`, `city`, `country`, `state`, `phone_num`, `email`, `id`) VALUES 

('$firstname', '$lastname', '$mi', '$date', '$familyv','$addressv', '$city', '$country', 

'$state', '$phone', '$email', NULL)";

mysql_query($reg)or die( mysql_error());



?>

score 0 · Answer 1 · answered Jun 06 '13 at 08:09

0

You have some typos in your

$state= filter_input(INPUT_GET,"phone", FILTER_SANITIZE_SPECIAL_CHARS);

You declace $state to $_GET['phone']. Also you always filter_input a variable and then redeclare it to a $_GET-variable. E.g.

// $lastname = filtered $_GET['lastname']
$lastname= filter_input(INPUT_GET,"lastname", FILTER_SANITIZE_SPECIAL_CHARS);

// $lastname = pure, unfiltered $_GET['lastname']
$lastname = $_GET['lastname'];

Please try to optimize your code. Also for the sake of readabillity. Each statement can be written as one line: $firstname= mysql_real_escape_string(filter_input(INPUT_GET,"firstname", FILTER_SANITIZE_SPECIAL_CHARS));

it will work but when i save it they will run 1 by 1

What do you mean by that. Does your AJAX-request not work? Try to debug it using Firebug or Webdeveloper toolbar.

answered Jun 06 '13 at 08:09

ferdynator

6,245
3
27
56

i mean in saving the data base the ajax that i code will save 1 by 1 not the whole form – Optionalrobzopaw Semblante Jun 07 '13 at 13:43
to save a whole form via ajax you should use [jQuery](http://jquery.com/) and [serialize()](http://api.jquery.com/serialize/) – ferdynator Jun 08 '13 at 10:13
im not using the jquery style of ajax ,just only the plain ajax – Optionalrobzopaw Semblante Jun 09 '13 at 08:46
Checkout [this question on SO](http://stackoverflow.com/questions/11661187/form-serialize-javascript-no-framework). It show how to implement your own `serialize()` method. – ferdynator Jun 10 '13 at 08:41

what's lacking on this ajax insert code?

1 Answers1