I have two tables, tbl_category and tbl_food. I am using Cordova, so I use an HTML file and a remote .php file, and I want to select all from tbl_food where the category is "ID" (can be 1 or 2 or 3...).

I use the following code for the PHP file:

```php
<?php
include "db.php";
if (isset($_POST['check'])) {
    $ID = $_POST['ID'];
    $data = array();
    $q = mysql_query("select * from `tbl_food` WHERE Cat='$ID'");

    while ($row = mysql_fetch_assoc($q)) {
        $data[] = $row;
        echo json_encode($data);
    }
}
?>
```

And this is the ajax code I am using in the HTML file; the function will be called once I select the category from the dropdown:

```javascript
function getFoodList() {
    var ID = $('#foodcat :selected').val();
    var dataString = "&ID=" + ID + "&check=";
    $.ajax({
        type: "POST",
        url: "http://myurl.com/load_list.php",
        data: dataString,
        dataType: 'json',
        crossDomain: true,
        cache: false,
        success: function (data) {
            var result = $.parseJSON(data);
            $.each(result, function (index, val) {
                $("#foodlist").append($('<option></option>').val(val.Points).html(val.Name) + " - " + val.Quantity);
            });
        }
    });
}
```

The problem is that it never reaches the success function, which means, if I am not wrong, that the PHP doesn't return anything.

Neg
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Feb 12 '16 at 18:16
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Feb 12 '16 at 18:17
  • Have you watched the request / response in your browser's developer tools? – Jay Blanchard Feb 12 '16 at 18:17
  • What does it give when printing on php side? – Nabin Kunwar Feb 12 '16 at 18:17

1 Answer

1) The entire ext/mysql PHP extension, which provides all functions named with the prefix mysql_, is officially deprecated as of PHP v5.5.0 and will be removed from PHP 7. Please don't use it. You can use PDO or mysqli_.

2) Don't write a direct query; use prepare. A direct query leads to SQL injection. Refer to this: http://php.net/manual/en/security.database.sql-injection.php

3) Now your actual problem is in the ajax. You are using the POST method in ajax and sending your data as a query string.

Try the code below:

JS function:

```javascript
function getFoodList() {
    var catid = $('#foodcat :selected').val();
    $.ajax({
        type: "POST",
        url: "http://myurl.com/load_list.php",
        // Pass an object so jQuery URL-encodes each field of the POST body.
        data: {ID: catid, check: "SOME_VALUE"},
        dataType: 'json',
        crossDomain: true,
        cache: false,
        success: function (data) {
            // dataType 'json' means data is already parsed; no $.parseJSON needed.
            $.each(data, function (index, val) {
                // .text() keeps database values from being interpreted as HTML.
                $("#foodlist").append(
                    $('<option></option>').val(val.Points).text(val.Name + " - " + val.Quantity)
                );
            });
        }
    });
}
```

PHP code:

```php
<?php
include "db.php";
if (isset($_POST['check'])) {
    $ID = $_POST['ID'];
    $data = array();
    // $ID is still interpolated into the SQL string here; point 2 above applies.
    $q = mysql_query("select * from `tbl_food` WHERE Cat='$ID'");

    while ($row = mysql_fetch_assoc($q)) {
        $data[] = $row;
    }

    echo json_encode($data); //this needs to be placed outside the loop.
}
?>
```
Mr. Engineer
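
Point 2 of the answer as an added example (not code from the question or the answer): the same category lookup done with a PDO prepared statement and a single `json_encode` call. The in-memory SQLite database and its rows are constructed stand-ins for the MySQL connection that db.php provides, and `openDemoDb` and `foodListJson` are hypothetical names.

```php
<?php
// Added example: the load_list.php lookup with a bound parameter instead of
// interpolating $_POST['ID'] into the SQL string.
// Assumption: an in-memory SQLite database stands in for the MySQL connection
// from db.php; the table rows are constructed sample data.

function openDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tbl_food (Name TEXT, Quantity TEXT, Points INTEGER, Cat INTEGER)');
    $pdo->exec("INSERT INTO tbl_food VALUES ('Apple', '100 g', 1, 1), "
             . "('Rice', '1 cup', 5, 2), ('Bread', '1 slice', 2, 2)");
    return $pdo;
}

// Returns the JSON response body for one request; $post plays the role of $_POST.
function foodListJson(PDO $pdo, array $post): string
{
    if (!isset($post['check'])) {
        return json_encode(['error' => 'missing check']);
    }
    // Category ids are integers (1, 2, 3...), so anything else is rejected up front.
    $id = filter_var($post['ID'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return json_encode(['error' => 'invalid ID']);
    }
    // The value is sent separately from the SQL text, so it cannot alter the query.
    $stmt = $pdo->prepare('SELECT Name, Quantity, Points FROM tbl_food WHERE Cat = :cat');
    $stmt->bindValue(':cat', $id, PDO::PARAM_INT);
    $stmt->execute();
    // Encode once, after all rows are collected, so the body is one JSON document.
    return json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
}

$pdo = openDemoDb();
// A valid category id returns the matching rows as one JSON array.
echo foodListJson($pdo, ['check' => '', 'ID' => '2']), "\n";
// A constructed non-numeric value is refused before any query is built.
echo foodListJson($pdo, ['check' => '', 'ID' => "2' OR '1'='1"]), "\n";
```

On the server, the PDO handle would come from the connection setup instead of `openDemoDb`, and the script would send a `Content-Type: application/json` header before echoing `foodListJson($pdo, $_POST)`.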