I am looking at using the variable from a SELECT on my form to populate the WHERE clause in my SQL to then populate an INPUT.

This is the getdata.php file

```php
<?php
  include "db.php";
  $boilermodel = $_POST["boilermodel"];
  $sql = "SELECT SAP2009AnnualEfficiency FROM blr.BoilerModel WHERE BoilerModel = '".$boilermodel."' ";
  $res = odbc_exec($cnn, $sql);
  while($row = odbc_fetch_array($res)) {
     echo $row['SAP2009AnnualEfficiency'];
  }
?>
```

This below is the jQuery to pull it onto the INPUT box

```html
<script type="text/javascript">
    $(document).ready(function(){
        $("select#boilermodel").change(function(){
            var boilermodel = $("select#boilermodel option:selected").attr('value');
            $.post("assets/configs/getdata.php", {boilermodel:boilermodel}, function(data){
                $("input[name='saprating']").html(data);
            });
        });
    });
</script>
```

When the variable is inserted into the query nothing is returned, and no errors show either. I even changed the line in my jQuery from `$("input[name='saprating']").html(data);` to `$("input#saprating").html(data);` but this didn't do anything. A question I do have is how can I be sure that my $_POST is being fed into the SQL?

My main question is where have I gone astray with this so far?

Michael
Jez

2 Answers

First, you are not sending the POST to the right URL; check the first parameter in $.post. Second, you can see your POST parameters with var_dump($_POST) in the target file. And of course, you can check your db to see whether it passed. You can track your POST requests in the Console, Network tab (e.g. for Chrome).

Revolution88
  • Sorry, the wrong URL was my error when posting; I had changed it on the file before submitting on here. So do I put `var_dump($_POST)` in the getdata.php? Also, should the jQuery be placed at the bottom of my main page? Nothing I POST is showing in the Console through Chrome either – Jez Feb 25 '14 at 12:12
  • Yes, var_dump is PHP function. It will print out your POST parameters. You can check response in Console as I said. And if you can't see POST requests, maybe javascript function above is not called. Try adding console.log or alert to see does it work. – Revolution88 Feb 25 '14 at 12:18
  • This is the output of my console.log `Object {url: "assets/configs/getdata.php", type: "POST", isLocal: false, global: true, processData: true…} accepts: Object` async: true contentType: "application/x-www-form-urlencoded; charset=UTF-8" contents: Object converters: Object crossDomain: false data: "boilermodel=Potterton+Promax+15+HE" dataTypes: Array[2] flatOptions: Object global: true hasContent: true isLocal: false jsonp: "callback" jsonpCallback: function (){var e=Fn.pop()||x.expando+"_"+vn++;return this[e]=!0,e} processData: true responseFields: Object – Jez Feb 25 '14 at 12:25
  • `success: function (data){ type: "POST" url: "assets/configs/getdata.php" xhr: function In(){try{return new e.XMLHttpRequest}catch(t){}} __proto__: Object` So I see that the variable is being pulled as it's getting the data: – Jez Feb 25 '14 at 12:26
  • You are calling console.log on the whole object, but never mind. Then your POST should definitely be in Network. First clear the network log, then change the value in your dropdown or whatever, and then check what you have in your network. – Revolution88 Feb 25 '14 at 12:31
  • Ok, how else do I call the console log? I ask as I've never used it before. I cleared the log and refreshed page also, chose a new option and again the data field shows my choice. – Jez Feb 25 '14 at 12:35
  • console.log accepts variable, so you can pass it whatever you want. You can put it in success to see is data returned there. Something like console.log(data); – Revolution88 Feb 25 '14 at 12:38

The first thing to do is to read up on sql injection here:

How can I prevent SQL injection in PHP?

as your code is vulnerable.

Secondly I would add

console.log(data)

right after $("input[name='saprating']").html(data);

as this should show you what you are getting back.

Steve B
  • I've changed the get.php as shown at the top to prevent SQL injection. I also added the console log after the line you suggested. When I view the console log it looks the same as when I had it in the line above. Is my jQuery right? – Jez Feb 25 '14 at 12:58
  • Well, another approach that may work here is to switch to a GET (this is what you are logically doing anyway). Then browse to assets/configs/getdata.php?boilermodel=foo. Your browser will then display exactly the same data jQuery would receive. – Steve B Feb 25 '14 at 13:13
  • I tried it using GET and the URL returned was `assets/configs/getdata.php?boilermodel=Potterton+Promax+15+HE`. When the + signs are shown where spaces would be, I assume when it goes into a string that those would disappear? This is also the same as when I had POST; the data section in the console log showed `boilermodel=Potterton+Promax+15+HE`. I have tried to run the getdata.php on its own, taking out the $_POST and putting in the same boiler name I posted here, and when this ran it echoed out the percentage I was looking for. So I don't understand why, when it's all put together, it shows nothing – Jez Feb 25 '14 at 14:24
  • just a thought, on my mainform where the input is named 'saprating' do I need anything in the value=""? – Jez Feb 25 '14 at 14:25
  • Why would all this still show nothing when the variable is input into the sql? – Jez Feb 25 '14 at 20:53
  • I don't understand how when you look at chained SELECT, which is what I have before work, yet why is it so difficult to do SELECT to INPUT. All I want to do is take the variable from the SELECT option and use this as the WHERE clause in the sql to fill the INPUT field. How from my original code can I output the returned value from the sql? – Jez Feb 26 '14 at 00:25
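
The parameterized form of getdata.php that the SQL injection answer above points to, as an added example (not code from the original posts). It assumes db.php defines $cnn as in the question; the lookupEfficiency helper name and the 100-character length limit are assumptions.

```php
<?php
// Added example: getdata.php with a bound parameter instead of concatenation.
// Assumes db.php defines $cnn (an ODBC connection), as in the question.
include "db.php";

/**
 * Look up the efficiency for one boiler model using a prepared statement.
 * Returns the value as a string, or null when nothing matches or the query fails.
 * (Hypothetical helper name, not part of the original code.)
 */
function lookupEfficiency($cnn, string $model): ?string
{
    // The PHP manual documents that odbc_execute() treats a parameter that
    // starts and ends with a single quote as a file name to read, so refuse it.
    if (strlen($model) >= 2 && $model[0] === "'" && substr($model, -1) === "'") {
        return null;
    }

    // The ? placeholder keeps the submitted value out of the SQL text entirely.
    $stmt = odbc_prepare(
        $cnn,
        "SELECT SAP2009AnnualEfficiency FROM blr.BoilerModel WHERE BoilerModel = ?"
    );
    if ($stmt === false || !odbc_execute($stmt, [$model])) {
        // Log server-side; do not echo driver errors back to the browser.
        error_log("getdata.php: query failed: " . odbc_errormsg($cnn));
        return null;
    }

    $row = odbc_fetch_array($stmt);
    return $row === false ? null : (string) $row['SAP2009AnnualEfficiency'];
}

// Accept only a non-empty string of bounded length (the limit is an assumption).
$model = $_POST['boilermodel'] ?? '';
if (!is_string($model) || $model === '' || strlen($model) > 100) {
    http_response_code(400);
    exit;
}

$value = lookupEfficiency($cnn, $model);
if ($value === null) {
    http_response_code(404);
    exit;
}

// Plain text response so the value is not interpreted as markup.
header('Content-Type: text/plain; charset=UTF-8');
echo $value;
```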