-3

I have Ajax POST request. It always return 200 OK but I am not getting what I hope. I know there is a json problem but i can't solve this problem. Here's my code :

<script type="text/javascript" src="../js/jquery-1.11.2.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
  $("form#formreg").submit(function(){
    if (confirm("Are You Sure Want To Save ?")){
      $.ajax({
        url: "save.php",
        type:"post", 
        contentType: 'application/json; charset=utf-8',
        data:$( ":input" ).serialize(), 
        dataType: "json", 
        success:function(response){
          if(response.status == 1)
           { 
             alert("Save OK !");
           }
           else
           {
             alert("Fail To Save!");
           }
        },
        error: function(xhr){
                alert("An error occurred: " + xhr.status + " " + xhr.statusText);
        }
      });
    }
    return false;
  });
});
</script>
<form method="post" name="formreg" action="" id="formreg">
  <table>
    <tr>
        <td>Name</td>
        <td><input type="text" id="name" name="name" required="required" size="50" maxlength="50"  /></td>
    </tr>
  </table>
  <input type="submit" id="submit" value="Save"/>
</form>

save.php

<?php
  include_once("connect.php");
  $name =   $_POST['name'];
  mysql_query("INSERT INTO visitor(name) VALUES('$name')") or die ("Fail To Add !");
  echo '{"status":"1"}';  
?>

what are the wrong code so my script doesn't work, can you help me ?

agus priyo
  • 95
  • 1
  • 9
  • 3
    You say there's a problem, but don't tell us what the problem is. If the request returns a 200 OK response then the AJAX code is fine. If the PHP code does not perform the action you expect then you need to debug that code, not the JS – Rory McCrossan Jul 06 '16 at 14:08
  • 1
    _"I am not getting what I hope"_. What do you hope to get? What are you getting? – JLRishe Jul 06 '16 at 14:08
  • 4
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 06 '16 at 14:09
  • 2
    @FastSnail good spot. I'd post that as an answer, or vote to close for a typo in the code. – Rory McCrossan Jul 06 '16 at 14:09
  • 3
    Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jul 06 '16 at 14:09
  • 3
    Hmmm don't format your own json, let `json_encode($myArray)` do the job for you little apple ! – Anwar Jul 06 '16 at 14:10

1 Answers1

2

The problem is there : 

$name =   $_POST['$name'];

Replace $name with name because the identifier in your form is 'name'. Since you're passing a bad variable to the query your PHP dies and returns a status of 200, but is has died before you echo out your JSON string, which is why the JSON is never returned.

Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
Damien
  • 3,322
  • 3
  • 19
  • 29