Jquery jTable PHP+MySQL don´t Update

Question

iam using JQuery jTable and PHP for my Website.

While Loading Data from Database work perfectly! but when Update the Data: send POST to edit the rows doesent update MySQL database, just jtable, but after reload the Page "load from mysql" the data is back to befor update.

Delete data work, only update don`t update

my js:

  //Prepare jTable
        $('#log').jtable({
            title: 'Domains',
            toolbar: {
            hoverAnimation: true, //Enable/disable small animation on mouse hover to a toolbar item.
            hoverAnimationDuration: 60, //Duration of the hover animation.
            hoverAnimationEasing: undefined, //Easing of the hover animation. Uses jQuery's default animation ('swing') if set to undefined.
            items: [] //Array of your custom toolbar items.
            },
            paging: true,
            sorting: true,
            pageSize : 10,
            pageSizes : [ 2, 5, 10, 15, 20, 50, 75, 100, 200, 500 ],
            defaultSorting: 'domain ASC',
            actions: {
                listAction: 'actions.php?action=list',
                createAction: 'actions.php?action=create',
                updateAction: 'actions.php?action=update',
            //  deleteAction: 'actions.php?action=delete'
            },
            messages: DeutschMessages,
            fields: {
                id_domain: {
                    key: true,
                    title: 'ID',
                    create: false,
                    edit: false,
                    list: true
                },
                domain: {
                    title: 'Domainname',

                    width: '30%'
                },
                exclude: {
                    title: 'Exclude',
                    defaultValue: 'www,ns,ftp,mail,mx,pop,smtp',
                    width: '40%'
                },
                dnsip: {
                    title: 'DNS Server',
                    width: '20%'
                },
                key: {
                    title: 'Key',
                    sorting: false,
                    list: false,
                    width: '20%'
                },
                enable_a: {
                    title: 'A',
                    options: ['1','0'],
                    sorting: false,
                    width: '20%'
                },
                enable_ns: {
                    title: 'NS',
                    options: ['1','0'],
                    sorting: false,
                    width: '20%'
                },
                enable_url: {
                    title: 'URL',
                    options: ['1','0'],
                    sorting: false,
                    width: '20%'
                },
                max: {
                    title: 'MAX',
                    defaultValue: '-1',
                    sorting: false,
                    width: '20%'
                }
            }
        });


        //Load person list from server
        $('#log').jtable('load');

    });

and the php script:

    //Open database connection
$con = mysql_connect($mysql_host,$mysql_user,$mysql_pass);
mysql_select_db($mysql_db,$con); 

//Getting records (listAction)
if($_GET["action"] == "list")
{
 if (empty($_POST['search'])) 
    {
    $search = NULL;

    $result =  mysql_query("SELECT COUNT(*) AS RecordCount FROM domains;");
    $row = mysql_fetch_array($result);
    $recordCount = $row['RecordCount'];

    $result = mysql_query("SELECT * FROM domains ORDER BY " . $_GET["jtSorting"] . " LIMIT " . $_GET["jtStartIndex"] . "," . $_GET["jtPageSize"] . ";");

    } 
    else
    {

    $search = mysql_real_escape_string($_POST['search']);

    $result =  mysql_query("SELECT COUNT(*) AS RecordCount FROM domains WHERE id_domain LIKE '%".$search."%' or domain LIKE '%".$search."%'  or exclude LIKE '%".$search."%' or dnsip LIKE '%".$search."%';");
    $row = mysql_fetch_array($result);
    $recordCount = $row['RecordCount'];

        //Get records from database
        $result = mysql_query("SELECT * FROM domains WHERE id_domain LIKE '%".$search."%' or domain LIKE '%".$search."%'  or exclude LIKE '%".$search."%' or dnsip LIKE '%".$search."%' ORDER BY " . $_GET["jtSorting"] . " LIMIT " . $_GET["jtStartIndex"] . "," . $_GET["jtPageSize"] . ";");

            $_SESSION["query"] = "SELECT * FROM domains WHERE id_domain LIKE '%".$search."%' or domain LIKE '%".$search."%'  or exclude LIKE '%".$search."%' or dnsip LIKE '%".$search."%' ORDER BY " . $_GET["jtSorting"];
            $_SESSION["contador"] = "SELECT COUNT(*) AS RecordCount FROM domains WHERE id_domain LIKE '%".$search."%' or domain LIKE '%".$search."%'  or exclude LIKE '%".$search."%' or dnsip LIKE '%".$search."%'";


            }

    //Add all records to an array
    $rows = array();
    while($row = mysql_fetch_array($result))
    {
        $rows[] = $row;
    }

    //Return result to jTable
    $jTableResult = array();
    $jTableResult['Result'] = "OK";
    $jTableResult['Records'] = $rows;
    $jTableResult['TotalRecordCount'] = $recordCount;
    print json_encode($jTableResult);
}
//Creating a new record (createAction)
else if($_GET["action"] == "create")
{

    //Insert record into database
    $result = mysql_query("INSERT INTO `domains`(`id_domain`, `domain`, `exclude`, `dnsip`, `key`, `enable_a`, `enable_ns`, `enable_url`, `max`) VALUES ('', '".$_POST["domain"]."','".$_POST["exclude"]."','".$_POST["dnsip"]."','".$_POST["key"]."','".$_POST["enable_a"]."','".$_POST["enable_ns"]."','".$_POST["enable_url"]."','".$_POST["max"]."');");

    //Get last inserted record (to return to jTable)
    $result = mysql_query("SELECT * FROM domains WHERE id_domain = last_insert_id();"); // WHERE id_domain = last_insert_id();");  // id_domain = LAST_INSERT_ID();");
    $row = mysql_fetch_array($result);

    //Return result to jTable
    $jTableResult = array();
    $jTableResult['Result'] = "OK";
    $jTableResult['Record'] = $row;
    print json_encode($jTableResult);
}
//Updating a record (updateAction)
else if($_GET["action"] == "update")
{
$id = $_REQUEST['id_domain'];
    //Update record in database
    $result = mysql_query("UPDATE domains SET domain = '"  . addslashes($_POST["domain"]) . "', exclude = '"  . addslashes($_POST["exclude"]) . "', dnsip = '"  . addslashes($_POST["dnsip"]) . "', key = '"  . addslashes($_POST["key"]) . "', enable_a = '"  . addslashes($_POST["enable_a"]) . "', enable_ns = '"  . addslashes($_POST["enable_ns"]) . "', enable_url = '"  . addslashes($_POST["enable_url"]) . "', max = '"  . addslashes($_POST["max"]) . "' WHERE id_domain = $id;");

    //Return result to jTable
    $jTableResult = array();
    $jTableResult['Result'] = "OK";
    print json_encode($jTableResult);
}
else if($_GET["action"] == "listname")

...

after hit Update:

Response is always "ok"

i can´t catch the error ./

any help ?

First of all you're at risk, your code is vulnerable to sql injection, take a look here: [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php), then when you execute a query you should always check the value returned in order to determinate if the query was or not succesfully executed... in your case: `if (!$result) echo "There is something wrong".die(mysql_error());` — Cristofor, Jun 22 '14 at 10:22

score 0 · Accepted Answer · answered Jun 22 '14 at 10:35

0

Have you seen this?

updateAction: 'actions.php?action=update',
//  deleteAction: 'actions.php?action=delete'

should be:

updateAction: 'actions.php?action=update'
//  deleteAction: 'actions.php?action=delete'

without the comma at the end of the first line (you removed the following row so this is the last one.

Furthermore: you should consider to switch to PDO for mysql safe site.

Last but not least: you are not handling errors in the insert query. Try something like:

if(mysql_query("INSERT INTO `domains`
(`id_domain`, `domain`, `exclude`, `dnsip`, `key`, `enable_a`, `enable_ns`, `enable_url`, `max`) 
VALUES 
('','".$_POST["domain"]."','".$_POST["exclude"]."','".$_POST["dnsip"]."','".$_POST["key"]."','".$_POST["enable_a"]."','".$_POST["enable_ns"]."','".$_POST["enable_url"]."','".$_POST["max"]."');")){ $jTableResult['Result'] = "OK";
}else{
$jTableResult['Result'] = "KO";
}

answered Jun 22 '14 at 10:35

Lelio Faieta

6,457
7
40
74

that with commma fixed alrdy, dosent help :( PDO next :) at this momment using it on homeserver just for test :) in this question : http://stackoverflow.com/questions/20542099/jtable-conditional-show-hide-edit-and-delete-buttons-based-on-owner-of-data updateAction: 'childReviewActions.php?action=update&ID=' + reviewData.record.CDID this only work in LIST Action in my Child Table (another script)! when i try to use it on Update or delete , Browser say : undefined! – VBnoob Jun 22 '14 at 10:39
ok ill try . but my reson is not solved , why POST Data dont Update – VBnoob Jun 22 '14 at 10:44
debug, do not add more elements. For example. What are the values of $_POST array? if the values are ok the problem is in the query side (server side). If the values are not correct the problem is on the jtable side (client side). Start from that and then descend in more details. – Lelio Faieta Jun 22 '14 at 10:58
ok found error near Key '' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'key = qwezriwuzrweirewi' at line 1 – VBnoob Jun 22 '14 at 11:00
Yes, correct. Should be key = 'qwezriwuzrweirewi'. without '' mysql reads qwezriwuzrweirewi as a field name. – Lelio Faieta Jun 22 '14 at 11:05
how i can santianize it to post it trough from JavaScript ? also instead key = §&"%&§"&§%"§=!" to key = "euriwezrizwerz89347293" i have removed now Key from post and it work, i can be that mysql break the Operation then JS is sending key as: key:update1:%32/233238 somth like this – VBnoob Jun 22 '14 at 11:19

Jquery jTable PHP+MySQL don´t Update

1 Answers1