0

I have a slightly frustrating problem... I'm sending a form value to PHP via AJAX and that seem to work fine. When I do var_dump in PHP I see my values I can also set a variable and echo it correctly. However, the line

$prod_id=$_POST['product'];

causes an uncaught type error in the browser. If I just set the variable with text in PHP everything works fine. To conclude, this piece of code works fine:

$prod_id=("Slab Skate");
$selected_customers = mysqli_query($link,"SELECT * FROM customers
INNER JOIN cust_products on cust_products.cust_id=id
INNER JOIN products on products.prod_id=cust_products.product_id
WHERE products.prod_name='$prod_id'");

This code causes uncaught typerror:

$prod_id=$_POST['product']

Same SQL statement as above. If I do

var_dump ($prod_id);

after setting it with $_POST I get:

string(10) "Slab Skate"

My form data in network headers tab of Chrome developer tools say:

product:Slab Skate

I don't get it...

Thanks in advance for any tips.

Update and some clarifications. The error I get is this: "Uncaught TypeError: Cannot read property 'documentElement' of null" which is a Javascript error coming from a function later in the code. However, since the whole thing works if I "hardcode" the variable instead of setting it from $_POST my assumption was that the error must reside in PHP. But maybe that's not the case...

What I'm doing is the following: posting a form value to PHP -> use value to select from my_sql and prepare an XML output. So far so good, (I can see the xml output in Chrome dev tools) but then I go back to a javascript to fetch the xml output from my PHP file and then it fails. When thinking about it, it's rather obvious why it works with a "hardoded" variable and not with the $_POST set one. So, I see two solutions either set the PHP variable in my_sql or using javascript more intelligently. Do anyone have a smart solution? I could post all the code, but it's quite long.

Second update: I solved the issue by writing an xml file to the server instead of trying to download it from the php file. Then my java function can process the xml correctly. It does work, but I'm not sure how well it scales? It must be better to process the xml output from PHP directly rather then saving it to file first and then process. But, I have no insight on how big the difference is...

/Tim

Tim Sönderskov
  • 1
  • 1
  • 2
    What is the error you get? Also, use prepared statements. – Bart Friederichs Apr 23 '14 at 07:30
  • 2
    Just FYI, please read up on [SQL Injection](http://stackoverflow.com/questions/601300/what-is-sql-injection) because your posted code is vulnerable. – El Yobo Apr 23 '14 at 07:32
  • If you paste in the whole error you might get more help. – El Yobo Apr 23 '14 at 07:33
  • Aside from needing an SQL injection revision, please make sure your $prod_id = $_POST['product']; actually assigns an ID value not an string that you can't use as an ID in a database table... – Marcelo C. Apr 23 '14 at 07:34
  • @MarceloC. OP is checking against `prod_name` so it's probably a string, although I agree the variable name is misleading. – AyB Apr 23 '14 at 07:36
  • dump the var_dump here. – Praveen Puglia Apr 23 '14 at 07:37
  • Yes, I know the variable is a bit misleading... sorry for that. My plan was to address the SQL injection problems later, I first want it to work properly. The exact error I get is "Cannot read property 'documentElement' of null" – Tim Sönderskov Apr 23 '14 at 07:40
  • 1
    Copy the var_dump result here to make sure the variable is actually being posted and it has the right name – Marcelo C. Apr 23 '14 at 07:42
  • The error comes later in the code because the SQL statement does give any data. – Tim Sönderskov Apr 23 '14 at 07:43
  • `Cannot read property 'documentElement' of null` is a javascript error, not a php error. You do know that right? – Andresch Serj Apr 23 '14 at 07:44
  • Yes, I know the error comes from a line later in the code. But since the error go away if I set the variable manually I'm quite sure it's due to the SQL statement returning nothing. – Tim Sönderskov Apr 23 '14 at 07:46
  • var_dump($prod_id); give the following information string(10) "Slab Skate" – Tim Sönderskov Apr 23 '14 at 07:47
  • I'd print the query before actually executing it in PHP to make sure it's been generated properly. Then try using the generated string to manually execute it in mySQL – Marcelo C. Apr 23 '14 at 07:49
  • Check your server logs. My guess is the `$_POST` line generates a notice, making your PHP spit out malformed XML, making your Javascript create a `null`-document, which causes the error. – Bart Friederichs Apr 23 '14 at 07:51

1 Answers1

0

I wouldn't use SELECT * FROM when using Inner Join if i were you. that would cause all sort of problems , simply give the names of columns.

Babak DS
  • 113
  • 6