-4

Hi, I want to update some data in my MySQL database by using a form in HTML and AJAX technology. I have a problem because the data is not updated after clicking submit, and in the response message I have not only the message but the clear MySQL ask too! Let's look at my alert:

My idea is that printf is not really posting the text into the "query" function, but this text output is going straight into the response data and the query is always wrong from empty text...

Let's look at my AJAX php file:

<?php
 session_start();
 error_reporting(0);
 $imie = $_POST['imie'];
 $nazwisko = $_POST['nazwisko'];
 $kodpocztowy = $_POST['kodpocztowy'];
 $ulica = $_POST['ulica'];
 $nrdomu = $_POST['nrdomu'];
 $nrmieszkania = $_POST['nrmieszkania'];
 $miasto = $_POST['miasto'];

 try
 {
  if (! @include_once('connect.php'))
    throw new Exception ('connect.php kurwa nie istnieje</br>');
  if (!file_exists('connect.php' ))
    throw new Exception ('connect.php nie istnieje</br>');
  else
    require_once('connect.php'); 
 }
 catch(Exception $e)
 {    
    echo "Wiadomość: " . $e->getMessage();
    echo "Kod: " . $e->getCode();
 }
 require_once "connect.php";

 $polaczenie = @new mysqli($host, $db_user, $db_password, $db_name);
 if($rezultat = @$polaczenie->query(printf("UPDATE adresy SET imie='%s', nazwisko='%s', kodpocztowy='%s', ulica='%s', nrdomu='%s', nrmieszkania='%s', miasto='%s' WHERE id=%s",$imie,$nazwisko,$kodpocztowy,$ulica,$nrdomu,$nrmieszkania,$miasto,$_SESSION['id'])))
 {
  $polaczenie->close();
  echo "Good!";
 }
 else
 {
  $polaczenie->close();
  echo "Not good!";
 }

 
?>

Have you any idea how to solve this problem? Maybe what to use instead of printf or echo? Please help, greetings.

Artimal

2 Answers

5

printf() prints out the text directly; you do actually want to use sprintf(), which returns the string instead of printing it out.

Some side notes though:

  1. Using "@" before function calls is almost never good practice; you should probably remove them.
  2. You should probably also dig deeper into something called "SQL Injection".
ArSeN
  • " you do actually want to use sprintf(), which returns the string instead of printing it out." Yes but how? – Artimal Jan 13 '16 at 19:52
  • I am not sure if I understand your asking: In the line that starts with `if($rezultat = @$polaczenie->query`, just replace the `printf` with `sprintf` (or rather, just add an `s` at the start). – ArSeN Jan 13 '16 at 19:58
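
Added example, not part of the original question or answers: it shows what printf() actually hands to query(), why the sprintf() version still breaks on input containing a quote, and a prepared statement that avoids both problems. Table and column names follow the question; the sample values are constructed, and PDO with in-memory SQLite stands in for the MySQL server (an assumption, so the script runs without a database).

```php
<?php
// Added example. Names follow the question; all values are constructed.

// 1) printf() echoes the SQL and returns its length; sprintf() returns the SQL.
ob_start();
$ret = printf("UPDATE adresy SET imie='%s' WHERE id=%s", 'Jan', 1);
$leaked = ob_get_clean();   // text that would have landed in the AJAX response
var_dump($ret);             // an integer, which is what query() received
var_dump($leaked);          // the SQL statement itself

// 2) sprintf() stops the leak but still splices raw input into the SQL text.
$nazwisko = "O'Brien";      // constructed, perfectly legitimate surname
$sql = sprintf("UPDATE adresy SET nazwisko='%s' WHERE id=%d", $nazwisko, 1);
echo $sql, "\n";            // the quote in the data closes the string literal early

// 3) Prepared statement: the SQL text is fixed, values are sent separately.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE adresy (id INTEGER PRIMARY KEY, imie TEXT, nazwisko TEXT)");
$pdo->exec("INSERT INTO adresy (id, imie, nazwisko) VALUES (1, 'Jan', 'Kowalski')");

// Hypothetical helper for this example: updates one row, returns rows changed.
function updateAddress(PDO $pdo, int $id, string $imie, string $nazwisko): int
{
    $stmt = $pdo->prepare(
        "UPDATE adresy SET imie = :imie, nazwisko = :nazwisko WHERE id = :id"
    );
    $stmt->execute([':imie' => $imie, ':nazwisko' => $nazwisko, ':id' => $id]);
    return $stmt->rowCount();
}

$changed = updateAddress($pdo, 1, 'Jan', $nazwisko);
$row = $pdo->query("SELECT imie, nazwisko FROM adresy WHERE id = 1")
           ->fetch(PDO::FETCH_ASSOC);
echo $changed === 1 ? "Good!" : "Not good!", "\n";
echo $row['nazwisko'], "\n";  // stored value read back from the table
```

With mysqli, as used in the question, the same pattern is `$polaczenie->prepare()` with `?` placeholders, followed by `bind_param()` and `execute()` on the returned statement.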
1

Your problem is indeed printf.

You should use sprintf, which returns a string, instead of printf, which displays the string.

From the docs:

sprintf

(PHP 4, PHP 5, PHP 7)
sprintf — Return a formatted string

printf

(PHP 4, PHP 5, PHP 7)
printf — Output a formatted string

Sevle
Alex Tartan