0

I'm building a simplified referral system.

$(document).ready( function() {

    document.getElementById("getref").onclick = function setref() {
        $.ajax({                                      
            url: 'newref.php', // the script to call to get data
            type: "POST",
            dataType: 'json',  // data format  
            data: {ip:<?php echo $_SERVER['REMOTE_ADDR'] ?>},                        
            // you can insert url arguments here to pass to api.php
            // for example "id=5&parent=6"    
            success: function(data) // on receive of reply
            {
                alert('returned ' + data); //get id
                //--------------------------------------------------------------
                // 3) Update html content
                //--------------------------------------------------------------
                $('#bottom_msg').html("<b>freegoldtrial.com/"+id+"</b>");
                // Set output element html
                // http://api.jquery.com/category/selectors/
            } 
        });
    }
});

Inside newref.php

$ip = $_POST['ip'];
$key = substr(md5(microtime()),rand(0,26),5);
include DB.php

if(! $conn ) {
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $conn);
$tbl_name = "refs";
$sql="INSERT INTO refs(ip, id) VALUES ('".$ip."','".$key."')";

if (!mysql_query($sql))
{
    die('Error: ' . mysql_error());
}

mysql_close($con)

How do I return the generated $key variable to the index? As you can see, I'm trying to replace div contents with it. Thanks for all the help :)

Stuart
  • 6,630
  • 2
  • 24
  • 40
ledar
  • 5
  • 2
  • 2
    `echo $key` ..? – David Dec 13 '16 at 19:16
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Dec 13 '16 at 19:19
  • 1
    ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Dec 13 '16 at 19:19

1 Answers1

0

Just add the line

echo $key;

to the end of your php file. Then the data variable in the success method contains its value. As mentioned in some of the comments already, this code has some weaknesses which you should cover before actually putting it live.

Iarwa1n
  • 460
  • 3
  • 12