0

I'm developing a website for a school project, but I've been working on a change password function for 2 days with no success. I wrote an ajax function to send POST data to a PHP script.

$(function() {
  function submitForm() {
    var data = $("#chpass").serialize();
    $.ajax({
      type : 'POST',
      url  : "chpass.php",
      data : data,
    });
  }
});

That's the chpass.php script.

<?php

include_once 'dbconfig.php';  // import db configuration

$sql = "UPDATE tbl_users SET user_password='password' WHERE user_email= "asdfgh@adfghj.dfgh"";


  // Prepare statement
  $stmt = $db_con->prepare($sql);

  // execute the query
  $stmt->execute();

?>

And the html

<div id="myModal" class="modal fade" role="dialog">
  <div class="modal-dialog">

    <!-- Modal content-->
    <div class="modal-content">
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal">&times;</button>
        <h4 class="modal-title">Change Password</h4>
      </div>
      <div class="modal-body">
        <form  method="post" id="chpass">
          <div id="error">
          <!-- error will be shown here ! -->
          </div>


          <!-- password -->
          <div class="form-group has-feedback">
            <span class="glyphicon glyphicon-lock form-control-feedback"></span>
            <input type="password" class="form-control" placeholder="New Password" name="password" id="password" />
          </div>

          <!-- retype password -->
          <div class="form-group has-feedback">
            <span class="glyphicon glyphicon-log-in form-control-feedback"></span>
            <input type="password" class="form-control" placeholder="Retype Password" name="cpassword" id="cpassword" />
          </div>


        </form>
      </div>
      <div class="modal-footer">
        <div class="row">
          <div class="col-xs-8">
          </div>
          <!-- /.col -->
          <div class="col-xs-4">
            <button id="btn-submit" type="submit" class="btn btn-primary btn-block btn-flat " name="btn-save" onclick="submitForm()" >Change</button>
          </div>
          <!-- /.col -->
        </div>
      </div>
    </div>
  </div>
</div>

I really do not understand why it doesn't work.

Qirel
NewProg
  • Look at the highlighting and quoting. Use `'` instead of `"` around the email. – Qirel Dec 23 '16 at 13:02
  • Your PHP script is throwing errors. The string syntax is broken, as indicated by the code highlighting on this page. – David Dec 23 '16 at 13:03
  • "UPDATE tbl_users SET user_password='password' WHERE user_email= "asdfgh@adfghj.dfgh""; is wrong syntax: you are closing the quotes and opening them again. "UPDATE tbl_users SET user_password='password' WHERE user_email= 'asdfgh@adfghj.dfgh'"; would work. But it will ALWAYS set password = the string "password" for the user with that email. Not sure that is what you want – Victor Radu Dec 23 '16 at 13:05
  • In the future please show the errors thrown. Please refer to: [Ask]. You also didn't even bother to complete the 2-minute site tour before posting. – T-Heron Dec 23 '16 at 13:06
  • I'm sorry, that's the first time. Anyway, what do you mean with "show the errors thrown"? I did not get any error. – NewProg Dec 23 '16 at 17:15

5 Answers

0

Change your chpass.php to below

<?php

include_once 'dbconfig.php';  // import db configuration

$sql = "UPDATE tbl_users SET user_password='password' WHERE user_email= 'asdfgh@adfghj.dfgh'";


// Prepare statement
$stmt = $db_con->prepare($sql);

// execute the query
$stmt->execute();

?>
Abhishek
0

Your query breaks because you have used double quotes inside double quotes.

Use this one:

"UPDATE tbl_users SET user_password='password' WHERE user_email= 'asdfgh@adfghj.dfgh'";
Passionate Coder
0

If you are at all worried about safety (which you always should, imo).

This snippet is based on the assumption you're using PDO as $db_con.

// Any random password
$randomPass = random_int(0, 10);
$sql = "UPDATE `tbl_users` SET `tbl_users`.`user_password` = :pass WHERE `tbl_users`.`user_email` = :email";
$stmt = $db_con->prepare($sql);
$stmt->bindValue(':pass', $randomPass, \PDO::PARAM_STR);
$stmt->bindValue(':email', $userSubmittedEmail, \PDO::PARAM_STR);
$stmt->execute();
Fyntasia
0

After changing the quotes the problem still remains. The console shows me this error: "index.html: 51 Uncaught ReferenceError: submitForm is not defined". The browser cannot find the JavaScript function submitForm(), but the chpass.js file with that function is linked. Probably it's a syntax error.

NewProg
-1

Please see this code below

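$email = $_POST['email'];      // e-mail address submitted with the form
$password = $new_password;     // new password, set earlier in the script
$query = "UPDATE TABLE_NAME SET password = :password WHERE email = :email";
$pdo_object = $pdo->prepare($query);
// Bind the values to the named placeholders instead of putting them in the SQL text
$pdo_object->bindParam(':email', $email, PDO::PARAM_STR);
$pdo_object->bindParam(':password', $password, PDO::PARAM_STR);
$pdo_object->execute();        // run the prepared statement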
Rakesh Jangid
  • **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Dec 23 '16 at 13:19
  • Why are you using :email/:password instead of $email/$password? – NewProg Dec 23 '16 at 15:56
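
The placeholder approach from the PDO answers above, as an added example that is not code from the thread: values bound to `:pass` and `:email` are sent separately from the SQL text, so a quote inside a value cannot break or alter the statement the way the quoting in the question did. The table and column names come from the question; `changePassword()`, the in-memory SQLite database, the sample accounts and the use of `password_hash()` are assumptions added here.

```php
<?php
// Added example. changePassword() is a hypothetical helper; tbl_users,
// user_password and user_email are the names used in the question.

function changePassword(PDO $db, string $email, string $new, string $confirm): bool
{
    // Server-side check of the two form fields (password / cpassword).
    if ($new === '' || $new !== $confirm) {
        return false;
    }

    // Store a salted hash rather than the plain password.
    $hash = password_hash($new, PASSWORD_DEFAULT);

    // The statement text is fixed; only the bound values vary per request.
    $stmt = $db->prepare(
        'UPDATE tbl_users SET user_password = :pass WHERE user_email = :email'
    );
    $stmt->bindValue(':pass', $hash, PDO::PARAM_STR);
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->execute();

    // Report success only when exactly one account was updated.
    return $stmt->rowCount() === 1;
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_users (user_email TEXT PRIMARY KEY, user_password TEXT)');
$db->exec("INSERT INTO tbl_users VALUES ('alice@example.test', 'old')");
$db->exec("INSERT INTO tbl_users VALUES ('o''neil@example.test', 'old')");

// Matching fields for an existing account.
var_dump(changePassword($db, 'alice@example.test', 'S3cret!pw', 'S3cret!pw'));
// Retyped password differs: rejected before any SQL runs.
var_dump(changePassword($db, 'alice@example.test', 'S3cret!pw', 'typo'));
// An e-mail containing an apostrophe is handled as plain data.
var_dump(changePassword($db, "o'neil@example.test", 'S3cret!pw', 'S3cret!pw'));

// The stored value is a hash that password_verify() can check at login.
$check = $db->prepare('SELECT user_password FROM tbl_users WHERE user_email = ?');
$check->execute(['alice@example.test']);
var_dump(password_verify('S3cret!pw', $check->fetchColumn()));
```

In a real application the e-mail (or user id) would be taken from the authenticated session rather than from the submitted form.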