-1

On click button, it suppose to execute a query in the php file either update or delete depending on the button clicked. But I think there's no value passed to the variable $status inside php file when buttons are clicked, thus not executing sql queries.

PHP

<?php

$status = $_GET["status"];

if ($status == "update") {

$conn = mysqli_connect('localhost', 'root','root', 'realestate');
$id=$_GET["id"];
$first=$_GET["firstname"];
$mid=$_GET["middlename"];
$last=$_GET["lastname"];
$add=$_GET["address"];
$gend=$_GET["gender"];
$cont=$_GET["contact"];

$first=trim($first);
$mid=trim($mid);
$last=trim($last);
$add=trim($add);
$gend=trim($gend);
$cont=trim($cont);

$result=mysqli_query($conn, "UPDATE agents SET firstname='$first', middlename='$mid', lastname='$last', address='$add', gender='$gend', contact='$cont' WHERE id=$id");
} 



if ($status == "delete") {

$conn = mysqli_connect('localhost', 'root','root', 'realestate');

$id=$_GET["id"];
    $result=mysqli_query($conn, "DELETE FROM agents WHERE id=$id");
}
?>

JavaScript

<script type="text/javascript">
data();
    function data() {
        var xmlhttp = new XMLHttpRequest();
        xmlhttp.open("GET","update.php?status=disp", false);
        xmlhttp.send(null);
        document.getElementById("data").innerHTML = xmlhttp.responseText;
    }


function bb(b) {

var firstid="txtfirst"+b;
var firstname = document.getElementById(firstid).value;


var midid="txtmid"+b;
var middlename = document.getElementById(midid).value;

var lastid="txtlast"+b;
var lastname = document.getElementById(lastid).value;

var addid="txtadd"+b;
var address = document.getElementById(addid).value;

var gendid="txtgend"+b;
var gender = document.getElementById(gendid).value;

var contid="txtcont"+b;
var contact = document.getElementById(contid).value;


update_value(b,firstname,middlename,lastname,address,gender,contact);


document.getElementById(b).style.visibility="visible";
document.getElementById("update"+b).style.visibility="hidden";

document.getElementById("firstname"+b).innerHTML=firstname;
document.getElementById("middlename"+b).innerHTML=middlename;
document.getElementById("lastname"+b).innerHTML=lastname;
document.getElementById("address"+b).innerHTML=address;
document.getElementById("gender"+b).innerHTML=gender;
document.getElementById("contact"+b).innerHTML=contact;
}

function update_value(id,firstname,middlename,lastname,address,gender,contact) {
var xmlhttp = new XMLHttpRequest();

xmlhttp.open("GET","update.php?id="+id+"&firstname="+firstname+"&middlename="+middlename+"&lastname="+lastname+"&address="+address+"&gender="+gender+"&contact="+contact+"&status=update",false);
xmlhttp.send(null);

}

function delete1(id) {
var xmlhttp = new XMLHttpRequest();
xmlhttp.open("GET","update.php?id="+id+"&status=delete", false);
xmlhttp.send(null);
data();
}
</script>
Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
user5567987
  • 167
  • 1
  • 12

1 Answers1

0

You have a few issues here. First, I would advise you look into the DRY principle to help you avoid easy to miss problems like not including a status variable in your request.

If you look at your JavaScript you will notice that you are making several requests to the same page, and using copy-paste code to do so. This is a great place to further abstract your code. I would probably use something similar to the following.

Secondly, your PHP script is vulnerable to SQL Injection. How to combat this is well explained here. I can't say for sure that this is your problem, but if you are using a name like O'Reilly it would prevent your script from working. I don't see any other obvious place where your script would go wrong. If anything shows up in your PHP error log, I might be able to help more. 

<script>
//Type isn't needed, browsers assume javascript
function httpRequest(method, url, parameters) {
    // Build a query string, this could be improved but it works for your current use case.
    // It assumes that parameters is an object and does not work for arrays
    var query = "";
    Object.keys(parameters).forEach(function(key) {
        query += encodeURIComponent(key) + '=' + encodeURIComponent(parameters[key]) + "&";
    });

    var xmlhttp = new XMLHttpRequest();
    //If possible you should switch to async requests as well.
    xmlhttp.open(method, url + "?" + query, false);
    xmlhttp.send(); //No need to pass null
    return xmlhttp.responseText;
}
function updateRequest(parameters) {
    return httpRequest("GET", "update.php", parameters);
}

function data() {
    document.getElementById("data").innerHTML = updateRequest({status: "disp"});
}

//bb function removed as it isn't relevant to my point here

function update_value(id,firstname,middlename,lastname,address,gender,contact) {
    updateRequest({
        status: "update",
        id: id, //If you are using a recent browser this can be changed to just id, firstname, ...
        firstname: firstname,
        middlename: middlename,
        lastname: lastname,
        address: address,
        gender: gender,
        contact: contact,
    });
}

function delete1(id) {
    updateRequest({
        status: "delete",
        id: id,
    });
    data();
}
</script>
Community
  • 1
  • 1
Gerrit0
  • 7,955
  • 3
  • 25
  • 32