1

Here is my program which work fine and gets user interest i.e. movie list correctly. Now I want to insert into database so I have written ajax call to do that,

Can some one tell me what's wrong with it, it does not give error but also does not insert into table.

I am posting data to movies_db.php

index.php

<!DOCTYPE html>
<html xmlns:fb="https://www.facebook.com/2008/fbml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
        <title>ThenWat</title>
   </head>
    <body>
        <div id="fb-root"></div>
        <script type="text/javascript">
            var button;
            var userInfo;
             window.fbAsyncInit = function() {
                FB.init({ appId: '862',
                    status: true,
                    cookie: true,
                    xfbml: true,
                    oauth: true});

               showLoader(true);

               function updateButton(response) {
                    button       =   document.getElementById('fb-auth');
                    userInfo     =   document.getElementById('user-info');

                    if (response.authResponse) {
                        //user is already logged in and connected
                        FB.api('/me?fields=id,name,movies,email', function(info) {
                        console.log(info.movies);
                            login(response, info);
                            var json = JSON.stringify(myinfo.movies.data);
                    var a = JSON.parse(json);       

                      $.post('movies_db.php',{'myd':a}, function(data) 
                    {
                        $.ajax({
                    url:'url.php'
                    ,async:     true
                    ,cache:     false
                    ,dataType:  'html'
                    ,success:   function(data){
                        $('body').html(data);
                            }
                    });        
                        });

                        });

                        button.onclick = function() {
                            FB.logout(function(response) {
                                logout(response);
                            });
                        };
                    } else {
                        //user is not connected to your app or logged out
                        button.innerHTML = 'Login';
                        button.onclick = function() {
                            showLoader(true);
                            FB.login(function(response) {
                                if (response.authResponse) {
                                    FB.api('/me', function(info) {

                                        login(response, info);
                                    });
                                } else {
                                    //user cancelled login or did not grant authorization
                                    showLoader(false);
                                }
                            }, {scope:'email,user_birthday,status_update,user_about_me'});
                        }
                    }
                }

                // run once with current status and whenever the status changes
                FB.getLoginStatus(updateButton);
                FB.Event.subscribe('auth.statusChange', updateButton);
            };
            (function() {
                var e = document.createElement('script'); e.async = true;
                e.src = document.location.protocol
                    + '//connect.facebook.net/en_US/all.js';
                document.getElementById('fb-root').appendChild(e);
            }());

            function login(response, info){

                    if (response.authResponse) {
                    var accessToken                                 =   response.authResponse.accessToken;

                    userInfo.innerHTML                             = '<img src="https://graph.facebook.com/' + info.id + '/picture">' + info.name         
                    button.innerHTML                               = 'Logout';
                    showLoader(false);
                    document.getElementById('other').style.display = "block";
                }
            }

            function logout(response){
                userInfo.innerHTML                             =   "";
                document.getElementById('debug').innerHTML     =   "";
                document.getElementById('other').style.display =   "none";
                showLoader(false);
            }

             function showLoader(status){
                if (status)
                    document.getElementById('loader').style.display = 'block';
                else
                    document.getElementById('loader').style.display = 'none';
            }
         </script>
         <button id="fb-auth">Login</button>
        <div id="loader" style="display:none">
            <img src="ajax-loader.gif" alt="loading" />
        </div>
        <br />
        <div id="user-info"></div>
        <br />
        <div id="debug"></div>
    </body>
</html>

movies_db.php This part is correct that I am sure

<?php

$con =mysqli_connect('127.0.0.1:3306', 'root', 'root', 'test');
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: ".mysqli_connect_error();
}

foreach($_POST['myd'] as $elem){
  echo $elem['name'];
  echo $elem['id'];
  echo '<br/>';

  $ID=$elem['id'];
  $Name=$elem['name'];

  $sql = "INSERT INTO interest (movies,id) VALUES('".$Name."','".$ID."')";
             if (!mysqli_query($con,$sql))
            {
                  die('Error: ' . mysqli_error($con));
            }
}
?>
user123
  • 5,269
  • 16
  • 73
  • 121
  • have you tried checking the value of `$_POST['myd']` in `movies_db.php` ? – Reigel Gallarde Sep 26 '13 at 07:24
  • Parametrize your queries or be vulnerable to SQL injection – allen213 Sep 26 '13 at 07:24
  • @Reigel: How can I do? I performed `echo $_POST['myd']` on movies_db.php which shows nothing in page not even `echo "hi"` – user123 Sep 26 '13 at 09:33
  • @allen213:can you please elaborate? – user123 Sep 26 '13 at 09:34
  • 1
    This is bad : "INSERT INTO interest (movies,id) VALUES('".$Name."','".$ID."')"; You need something like INSERT INTO interest (movies,id) VALUES(?,?); Read this http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – allen213 Sep 26 '13 at 10:54

1 Answers1

0

Here I have added user other profile info, in same manner one can store his movie interest.

    <script type = "text/javascript">
        var userid;
        FB.init({
        //appId: '',
        appId: 'fb id',
        xfbml: true,
        status: true,
        cookie: true,
        });
        FB.getLoginStatus(checkLoginStatus);
        function authUser() 
        {
            FB.login(checkLoginStatus, {scope:'email'});
        }
        function checkLoginStatus(response) 
        {               
            if(response && response.status == 'connected') 
            {
            FB.api('/me?fields = movies,email,name,gender,locale,location,link', function(mydata)
            {
                console.log(mydata.email);
                console.log(mydata.id);
                userid = mydata.id;
                var name = mydata.name;
                gender = mydata.gender;
                locale = mydata.locale;
                city = mydata.location;
                link = mydata.link;
                //alert(name);
                var email = mydata.email;
                //var json = JSON.stringify(mydata.movies.data);
                //var a = JSON.parse(json);
                var picture = "https://graph.facebook.com/"+userid+"/picture?type = small";
                // alert(picture);
                $.post('user_record.php',{ name: name, email: email, userid:userid, picture:picture, gender: gender, locale: locale, city: city, link: link}, function(data)
                {
                    var $form = $("<form id = 'form1' method = 'post' action = 'start.php'></form>");
                    $form.append('<input type = "hidden" name = "userid" value = "'+userid+'" />');
                    $('body').append($form);
                    window.form1.submit();
                });
            });

            console.log('Access Token: ' + response.authResponse.accessToken);
            }
            else
            {
                document.getElementById('loginButton').style.display = 'block';
            }
        }
    </script>
user123
  • 5,269
  • 16
  • 73
  • 121