0

I am trying to update the text from a textbox to the database using the onclick event and calling a JavaScript function.

This is the JavaScript code:

```javascript
function send_post() 
{

    var hr = new XMLHttpRequest();
    var url ="send_post.php";
    var fn = document.getElementById("post").value;

    var vars = "post="+fn;
    hr.open("POST",url,true);

    hr.setRequestHeader("Content-type","application/x-www-form-urlencode");
    hr.onreadystatechange = function() {
        if (hr.readyState == 4 && hr.status ==200) {
            var return_data = hr.responseText;
            document.getElementById("status").innerHTML = return_data;

        }
    }
    hr.send(vars);
    document.getElementById("status").innerHTML = fn;

}
```

This is the PHP file code:

```php
<?php include 'inc/connect.inc.php'; 

$post =@$_POST['post'];
if ($post != "") {
    $date_added = date("Y-m-d");
    $added_by = "test123";
    $user_posted_to = "test123";

    $sqlCommand = "INSERT INTO posts VALUES('','$post','$date_added','$added_by','$user_posted_to')";
    $query = mysql_query($sqlCommand) or die (mysql_error());
}
else{
    echo "Write something to post.";

}

?>
```

But I get this error from PHP:

`Undefined index: post on line 3`

aman.gupta
  • What does this line return: `var fn = document.getElementById("post").value;` Is it undefined? – anthonygore Jan 19 '14 at 21:22
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jan 19 '14 at 21:37

2 Answers

0

The MIME type you are trying to use is `application/x-www-form-urlencoded` (with a d on the end).

PHP doesn't know how to parse data encoded as `application/x-www-form-urlencode` (without the d) so it doesn't populate `$_POST` for your code.

Quentin
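The header mismatch described in the answer above, as an added example that is not part of the original answer. `parseLikePhp` is a hypothetical, simplified model of a form-body parser (not PHP's own code) that decodes fields only when the media type matches exactly; the example goes one step beyond the answer by also comparing the question's raw `"post=" + fn` concatenation with `encodeURIComponent`. The sample text is constructed.

```javascript
// Added example; parseLikePhp is a simplified model, not PHP's actual parser.
const FORM_TYPE = "application/x-www-form-urlencoded";

// Server-side model: the body is decoded into fields only when the media type
// (the part before any ";charset=..." parameter) is exactly FORM_TYPE.
function parseLikePhp(contentType, body) {
  const mediaType = String(contentType || "").split(";")[0].trim().toLowerCase();
  const fields = {};
  if (mediaType !== FORM_TYPE) return fields; // unknown type: nothing is populated
  for (const [name, value] of new URLSearchParams(body)) fields[name] = value;
  return fields;
}

// Client side as in the question: raw concatenation, no encoding.
function buildBodyUnencoded(text) {
  return "post=" + text;
}

// Client side, corrected: percent-encode the value so "&", "=" and "+"
// stay inside the single "post" field.
function buildBodyEncoded(text) {
  return "post=" + encodeURIComponent(text);
}

// Constructed sample input containing form-encoding metacharacters.
const sample = "Tom & Jerry: 1+1=2";

function demo() {
  return {
    // Misspelled header from the question: no fields, hence "Undefined index: post".
    typoHeader: parseLikePhp("application/x-www-form-urlencode", buildBodyEncoded(sample)),
    // Correct header, unencoded value: "&" splits the text into two fields.
    unencoded: parseLikePhp(FORM_TYPE, buildBodyUnencoded(sample)),
    // Correct header, encoded value: the text arrives intact.
    encoded: parseLikePhp(FORM_TYPE + "; charset=UTF-8", buildBodyEncoded(sample)),
  };
}

console.log(demo());
```

The server must still treat the decoded value as untrusted input; encoding on the client only keeps the field boundaries intact.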
-1

JavaScript part:

```html
<script>
function getXMLObject(){
 var xmlHttp = false;
 try {
  xmlHttp = new ActiveXObject("Msxml2.XMLHTTP")
 }
 catch (e) {
  try {
   xmlHttp = new ActiveXObject("Microsoft.XMLHTTP")
  }
  catch (e2) {
   xmlHttp = false
  }
 }
 if (!xmlHttp && typeof XMLHttpRequest != 'undefined') {
  xmlHttp = new XMLHttpRequest();
 }
 return xmlHttp;
}

var xmlhttp = new getXMLObject();

function send_post() {
 if(xmlhttp) {
  var post = document.getElementById("post").value;
  xmlhttp.open("POST","send_post.php",true);
  xmlhttp.onreadystatechange = resultPost;
  xmlhttp.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
  xmlhttp.send("post=" + post);
 }
}

function resultPost() {
 if (xmlhttp.readyState == 4) {
  if(xmlhttp.status == 200) {
   alert(xmlhttp.responseText);
  }
 }
}
</script>
```

PHP part:

```php
<?php 

include 'inc/connect.inc.php'; 

if(isset($_POST['post']) && trim($_POST['post']) != '') $post = mysql_real_escape_string(trim($_POST['post']));
else $post = '';

if ($post != '') {
    $date_added = date("Y-m-d");
    $added_by = "test123";
    $user_posted_to = "test123";
    $sqlCommand = "INSERT INTO posts VALUES('','$post','$date_added','$added_by','$user_posted_to')";
    $query = mysql_query($sqlCommand);
    if(mysql_affected_rows($link) == 1){
     echo 'Operation successfully executed';
     exit;
    }
}
echo 'Write something to post.';

?>
```

phpCore
  • This is just a massive wall of code with a recommendation to use a library (despite the [`javascript` tag](http://stackoverflow.com/questions/tagged/javascript) saying you shouldn't give library-dependent answers on questions that aren't already using one). There's no explanation as to what is wrong with the code in the question, or why this code should fix it. It's also made changes to the PHP without saying what they are for (and it's left an SQL injection security hole in there). – Quentin Jan 19 '14 at 21:41
  • This is still a massive wall of code with no explanation about what changes you've made or why. – Quentin Jan 19 '14 at 22:02
  • I rewrote the entire javascript part to be Correct for PHP. On the PHP side I escaped the POSTed variable and formatted the response for Javascript part. – phpCore Jan 19 '14 at 22:06
  • "rewrote the entire javascript part to be Correct for PHP" - only *one letter* needed to be added to make it correct as far as PHP was concerned (well, assuming the user input was correct, but your changes didn't address the possibility that it wasn't). Also "rewrote the entire javascript part to be Correct for PHP" is really vague about what the changes are and says nothing about why the changes were needed. It doesn't even do the same thing with the data as the original code! – Quentin Jan 19 '14 at 22:11
  • Thank you for your recommendations, I will try to do best next time. – phpCore Jan 19 '14 at 22:17