First, I am just learning about PHP prepared statements and SQL injection. My first question is: is this PHP code good enough to stop SQL injection? My second question: how do I submit this PHP statement with Ajax? Thanks in advance.
    <?php
    require_once ("db.php");
    $db = new MyDB();   // MyDB is defined in db.php and wraps an SQLite3 connection
    session_start();
    if (isset($_POST['submit_req']))
    {
        $req_title = $_POST['req_title'];
        $req_min = $_POST['req_min'];
        $req_entry = $_POST['req_entry'];
        $req_payment = $_POST['req_payment'];
        $post_req = $_POST['post_req'];
        // The SQL text contains only placeholders; no user input is concatenated into it.
        $stmt = $db->prepare('INSERT INTO users_request (req_title, min_order, poi, pay_method, req_brief) VALUES (:req_title, :min_order, :poi, :pay_method, :req_brief)');
        // Each value is bound as text, so quotes or SQL keywords in it are stored as data.
        $stmt->bindValue(':req_title', $req_title, SQLITE3_TEXT);
        $stmt->bindValue(':min_order', $req_min, SQLITE3_TEXT);
        $stmt->bindValue(':poi', $req_entry, SQLITE3_TEXT);
        $stmt->bindValue(':pay_method', $req_payment, SQLITE3_TEXT);
        $stmt->bindValue(':req_brief', $post_req, SQLITE3_TEXT);
        $result = $stmt->execute();
        if ($result)
        {
            echo "<p>Request post successful</p>";
        }
    }
Ajax code I have tried but didn't work:
    $('#post_form').submit(function (event) {
        // Stop the browser's normal form submission so only the Ajax request runs.
        event.preventDefault();
        $.ajax({
            url: "req_exec.php",
            type: "POST",
            // serialize() leaves out the submit button, but req_exec.php checks for
            // submit_req, so it is added explicitly.
            data: $(this).serialize() + "&submit_req=1",
            // req_exec.php echoes HTML, not JSON; asking for JSON makes jQuery's
            // parse fail and the success callback never runs.
            dataType: "html",
            success: function (data) {
                $('.success').html(data);
            }
        });
    });
The form:
    <div class="success"></div>
    <div class="post_req">
        <form action="req_exec.php" method="post" enctype="multipart/form-data" id="post_form">
            <input type="text" name="req_title" id="req_title" placeholder="Request title. (Example: Dried Cashew Nuts)">
            <input type="text" name="req_min" id="req_min" placeholder="Minimum Order. (Example: 2 Tons, 7800 units, 40 container, 1 Barrel)">
            <div class="form_division">
                <input type="text" name="req_entry" id="req_entry" placeholder="Point of Entry">
                <input type="text" name="req_payment" id="req_payment" placeholder="Payment Method">
            </div>
            <textarea name="post_req" id="post_req" placeholder="Briefly describe your request" rows="6"></textarea><br>
            <input type="submit" name="submit_req" id="submit_req" value="Post Request">
        </form>
    </div>
Thanks in advance.
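As an added example (not the asker's code), here is a self-contained handler in the shape of req_exec.php that keeps the bound-parameter INSERT from the question, allow-lists the accepted form fields, returns JSON so an Ajax client can use dataType: "json", and, when run from the command line, shows that a title containing a quote and a comment marker is stored as a literal string. The in-memory SQLite database, the insertRequest function and the sample input are assumptions made for the example.

```php
<?php
// Added example, not the asker's code. Uses an in-memory SQLite database and a
// constructed sample input so it runs from the CLI without db.php.
$db = new SQLite3(':memory:');
$db->enableExceptions(true);
$db->exec('CREATE TABLE users_request (id INTEGER PRIMARY KEY, req_title TEXT,
           min_order TEXT, poi TEXT, pay_method TEXT, req_brief TEXT)');

function insertRequest(SQLite3 $db, array $input): array
{
    // Map accepted form fields to columns; anything else in the input is ignored.
    $fields = ['req_title' => 'req_title', 'req_min' => 'min_order', 'req_entry' => 'poi',
               'req_payment' => 'pay_method', 'post_req' => 'req_brief'];
    $values = [];
    foreach ($fields as $postKey => $column) {
        $v = isset($input[$postKey]) ? trim((string) $input[$postKey]) : '';
        if ($v === '') {
            return ['ok' => false, 'error' => "Missing field: $postKey"];
        }
        $values[$column] = $v;
    }
    // The SQL text never changes; user data travels only through bound parameters,
    // so quotes or SQL keywords inside a value are stored as ordinary characters.
    $stmt = $db->prepare('INSERT INTO users_request (req_title, min_order, poi, pay_method, req_brief)
                          VALUES (:req_title, :min_order, :poi, :pay_method, :req_brief)');
    foreach ($values as $column => $v) {
        $stmt->bindValue(':' . $column, $v, SQLITE3_TEXT);
    }
    try {
        $stmt->execute();
    } catch (Exception $e) {
        error_log($e->getMessage());   // keep the real error server-side, not in the response
        return ['ok' => false, 'error' => 'Database error'];
    }
    return ['ok' => true, 'id' => $db->lastInsertRowID()];
}

if (PHP_SAPI === 'cli') {
    // Constructed input: the title contains a single quote and a SQL comment marker.
    $input = ['req_title' => "Dried Cashew Nuts'); --", 'req_min' => '2 Tons',
              'req_entry' => 'Main port', 'req_payment' => 'Bank transfer', 'post_req' => 'Sample'];
    echo json_encode(insertRequest($db, $input)), "\n";
    // Reads back exactly the bound string, showing it was stored as data, not run as SQL.
    echo $db->querySingle('SELECT req_title FROM users_request ORDER BY id DESC LIMIT 1'), "\n";
} else {
    header('Content-Type: application/json');
    echo json_encode(insertRequest($db, $_POST));
}
```

With this response shape the jQuery success callback receives an object, so it can check `data.ok` and show `data.error` instead of inserting raw HTML.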