0

So I'm trying to insert a row into my database, and I'm calling an AJAX-like function to insert a new row into my table, but it's not inserting a row.

function showResult(first, last)
    {

    var First = first;
    var Last = last;

       if (window.XMLHttpRequest)
       {// code for IE7+, Firefox, Chrome, Opera, Safari
            xmlhttp=new XMLHttpRequest();
       }
       else
       {// code for IE6, IE5
            xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
       }
       xmlhttp.open("POST","http://www.website.ca/portal/MyChapter2/cgi-bin/DetermineUser.php?FirstName="+First+"&LastName="+Last,true);
       xmlhttp.send();    

  }

And here is the file it goes to, in order to insert the row into the table.

<?php
require_once (dirname(__FILE__) . '/../../include/Initialization.php');
require_once (PORTAL_PATH . '/include/FormLibrary.php');
require_once (PORTAL_PATH . '/include/SingleRowQuery.php');
require_once (PORTAL_PATH . '/include/Functions.php');
require_once (PORTAL_PATH . '/include/VolunteerInterests.php');
require_once (PORTAL_PATH . '/TaskManager/cgi-bin/AutoTaskFunctions.php');

$FirstName = $_POST['FirstName'];
$LastName = $_POST['LastName'];

$sql="INSERT INTO `Track_Notification`(`Track_ID`, `Track_UserID`) VALUES    ('$FirstName','$LastName')";
echo ("success");

?>
CFleming

2 Answers

3

You're doing a POST, but not sending any data via that POST. You're sending data in the URL, which is actually a GET technique:

xmlhttp.open([..snip...] /DetermineUser.php?FirstName="+First+"&LastName="+Last,true);
                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Doesn't matter what HTTP verb you use: if there are query parameters in the URL, they'll be in $_GET, so

$_GET['FirstName'];
$_GET['LastName'];

And beyond that, you're vulnerable to SQL injection attacks, so enjoy having your server pwn3d.

Marc B
  • Oops, yeah, I changed that back to GET but posted the wrong code here. How do I prevent SQL injection attacks? – CFleming Feb 24 '14 at 15:53
0

You are not running the query

Add

$result = mysqli_query($link, $sql); // $link: your mysqli connection handle (name assumed)

(or mysql_query, based on what you are using)

cornelb
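The two points raised in the answers (the query string is built by concatenating request values, and it is never executed) side by side with a parameterized version, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database (the pdo_sqlite extension) standing in for the asker's MySQL connection; the function names and sample inputs are constructed for illustration.

```php
<?php
// Added example. PDO + in-memory SQLite stands in for the asker's MySQL
// connection (assumption) so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Track_Notification (Track_ID TEXT, Track_UserID TEXT)');

// Pattern from the question: request values concatenated into the SQL text.
function insertConcatenated(PDO $db, string $first, string $last): void
{
    $db->exec("INSERT INTO Track_Notification (Track_ID, Track_UserID)
               VALUES ('$first', '$last')");
}

// Hardened form: the SQL text is fixed, the values are bound as parameters,
// and the statement is actually executed.
function insertPrepared(PDO $db, string $first, string $last): void
{
    $stmt = $db->prepare('INSERT INTO Track_Notification (Track_ID, Track_UserID)
                          VALUES (:first, :last)');
    $stmt->execute([':first' => $first, ':last' => $last]);
}

function countRows(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM Track_Notification')->fetchColumn();
}

// Constructed inputs standing in for $_GET['FirstName'] / $_GET['LastName'].
$samples = [
    ['Ann', "O'Brien"],              // legitimate name that contains a quote
    ['Ann', "x'), ('extra', 'row"],  // quote used to change the statement's shape
];

foreach ($samples as [$first, $last]) {
    foreach (['insertConcatenated', 'insertPrepared'] as $fn) {
        $db->exec('DELETE FROM Track_Notification');
        try {
            $fn($db, $first, $last);
            printf("%-18s %-22s rows inserted: %d\n", $fn, $last, countRows($db));
        } catch (PDOException $e) {
            printf("%-18s %-22s SQL error: %s\n", $fn, $last, $e->getMessage());
        }
    }
}
```

With mysqli the same shape is `prepare()`, `bind_param()` and `execute()` on the statement object, with `?` placeholders instead of named ones.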