0

I need to populate related selects with data from the database. The HTML page has a select with id 'fontes' and a select with id 'cargos'. The jQuery code right now:

$("#fontes").change(function () {
  $.ajax({
    type: "POST",
    url: "json_cargos_fonte.php",
    data: ({fonte: $("#fontes").val()}),
    dataType: "json",
    success: function(json){
      var options = "";
      $.each(json, function(key, value){
        options += '<option value="' + key + '">' + value + '</option>';
      });
      $("#cargos").html(options);
    }
  });
});

And the content of json_cargos_fonte.php:

<?php
include ("conexao.php");
header('Content-type: text/json');
$fonte = $_POST['fonte'];
$retorno = array();
$queryCargos = "SELECT * FROM `cargos` WHERE `fonte` = '$fonte' ORDER BY `cargo`";
$resultCargos = $mysqli->query($queryCargos) or trigger_error($mysqli->error."<br>[ $queryCargos]");
while ($row = $resultCargos->fetch_object()) {
    $retorno[] = $row->cargo;
}
echo json_encode($retorno);
?>

I already tested putting a manual value instead of '$fonte' and it worked, but passing the value selected in fontes does not work. No option appears, beyond the default option I wrote in the HTML:

<select id="cargos" name="cargos" style="min-width: 250px;">
  <option>Selecione um Cargo</option>
</select>
Rasshu
  • 1,764
  • 6
  • 22
  • 53
  • 4
    **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Mar 21 '14 at 13:56
  • 1
    this: `data: ({fonte: $("#fontes").val()}),` should be `data: {fonte: $("#fontes").val()},` no? also, post what is in $("#fontes").val() – JF it Mar 21 '14 at 13:57
  • So it's REQUIRED to use get when passing parameters to a php file which returns json? – Rasshu Mar 21 '14 at 13:58
  • Hm. I made an alert printing $("#fontes").val() and it add a \ to the end of the string. O.o – Rasshu Mar 21 '14 at 14:03
  • Had to remove that last character and it worked. Gonna answer soon. – Rasshu Mar 21 '14 at 14:06
  • Thanks, Quentin and JS it for the hints. And the other guy who commented about GET. – Rasshu Mar 21 '14 at 14:10
  • Changed the query to: $stmt = $mysqli->prepare('SELECT * FROM `cargos` WHERE `fonte` = ? ORDER BY `cargo`'); $stmt->bind_param('s', $fonte); $stmt->execute(); $result = $stmt->get_result(); :D – Rasshu Mar 21 '14 at 14:16

3 Answers3

0

if you want to obtain selected value with jquery, try this

$("#fontes option:selected").val();

iamsleepy
  • 550
  • 3
  • 7
0

In order for this line to work:

$fonte = $_POST['fonte'];

You'll need to serialize your data in your ajax call:

data: $.serialize({fonte: $("#fontes").val()}),
Brian Driscoll
  • 19,373
  • 3
  • 46
  • 65
0

Alerted value of the select inside the jQuery change function and saw it added a '\' to the end of the string. So, e.g., InfoJobs appeared as InfoJobs\

Solution:

var fonte = $("#fontes").val();
var fonteNew = fonte.replace("\\","");

Then, inside $.ajax:

type: "GET",

and

data: {fonte: fonteNew},

In the PHP file, changed from POST to GET.

Rasshu
  • 1,764
  • 6
  • 22
  • 53