1

I have a JavaScript that runs a POST method once my datepicker has been out of focus (I also tried this on a regular submit button) and runs the script rent-fetch-pick-up-point.php. The PHP runs, however it doesn't get past the if-statement because my it's not getting the POST data. The datepicker is tied to a input field time-period-from

datepickerTo.blur(function(){
  if (selectedDateFrom.length > 0) {

    datepickerFrom.delay(500).queue(function(){

      $.ajax({
        type: "POST",
        url: "include/rent-fetch-pick-up-point.php",
        data: {action: selectedDateFrom},
        success: function(data) {
          $("#pick-up-point-container").html(data);
        }
      });
    });
  }
});

Here is the PHP code:

if (isset($_POST['time-period-from'])) {
  require '../include/connection.php';

  $dateFrom = $_POST['time-period-from'];
  $sql = "SELECT * FROM order WHERE $dateFrom BETWEEN date_from AND date_to";
  $result = mysqli_query($connection, $sql);
  $numRows = mysqli_num_rows($result);

  echo $sql; // For testing purposes
}

And here's the HTML:

  <input type="text" name="time-period-from" id="datepicker-from" class="datepicker"></p>

I also tried using $.post() instead of $.ajax(), but I ran into the same issue:

$.post("include/rent-fetch-pick-up-point.php", {name: selectedDateTo}, function(data) {

  $("#pick-up-point-container").text(data)

});
robert
  • 187
  • 2
  • 10
  • You do realize you're sending the data in `action` and not in `time-period-from`? – Charlotte Dunois Apr 18 '16 at 18:00
  • 2
    Your posting `action`, not `time-period-from`... try: `$_POST['action']` – M. Eriksson Apr 18 '16 at 18:01
  • 2
    Your code is vulnerable to [SQL-Injections](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Charlotte Dunois Apr 18 '16 at 18:01
  • 1
    [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Apr 18 '16 at 18:02
  • @CharlotteDunois oh, that's what's wrong! I didn't quite understand how or where I was supposed to get the POST data from, but things got a little clearer now. Thanks so much. – robert Apr 18 '16 at 18:08

3 Answers3

2

The keys of $_POST come from the keys of the object you pass to the data: option, not the names of the form fields where the values originally came from. Since you used:

data: { action: selectedDateFrom }

the value will be in $_POST['action'], not $_POST['time-period-from']. So you need to use:

if (isset($_POST['action']))

and:

$dateFrom = $_POST['action'];

or you could change the Javascript to:

data: { "time-period-from": selectedDateFrom }
Barmar
  • 741,623
  • 53
  • 500
  • 612
0

I think your selectedDateFrom variable is array that cause your post info can't you get properly . 

data: {action: $('#selectedDateFrom').serializeArray()}

then you get your form data properly

tapos ghosh
  • 2,114
  • 23
  • 37
0

You aren't grabbing the right variable on the PHP side:

if (isset($_POST['action'])) {
  require '../include/connection.php';

  $dateFrom = $_POST['action'];
  $sql = "SELECT * FROM order WHERE $dateFrom BETWEEN date_from AND date_to";
  $result = mysqli_query($connection, $sql);
  $numRows = mysqli_num_rows($result);
  echo $sql; // For testing purposes
}
A.Sharma
  • 2,771
  • 1
  • 11
  • 24