
So where do I start.

I built a UK CAD system (UK Police roleplay clan). Area in question looks like this: HR

I created an Intel page, created the MySQL table column, all is good. However, when I edit the code for the edit user button, to include editing access to intel, it stops working. The entire form doesn't send any info through.

Here is the PHP code for the edit form:

```php
<?php
include('./includes/init.php');

$id = displayData($_POST['id']);

$sql = "SELECT * FROM users WHERE id = '$id';";
$result = mysqli_query($link, $sql);
$row = mysqli_fetch_array($result);
?>

<form>
  <label>Rank</label>
  <input type="text" class="form-control" id="txtUserRank" value="<?php echo displayData($row['rank']); ?>" />
  <label>Division</label>
  <input type="text" class="form-control" id="txtUserDiv" value="<?php echo displayData($row['division']); ?>" />
  <label>Control Access</label>
  <select id="txtControl" class="form-control">
    <option value="<?php echo displayData($row['controlAccess']); ?>"><?php echo BoolToLabel(displayData($row['controlAccess'])) ?> (Current)</option>
    <option value="0">No</option>
    <option value="1">Yes</option>
  </select>
  <label>SLT Access</label>
  <select id="txtSLT" class="form-control">
    <option value="<?php echo displayData($row['sltAccess']); ?>"><?php echo BoolToLabel(displayData($row['sltAccess'])) ?> (Current)</option>
    <option value="0">No</option>
    <option value="1">Yes</option>
  </select>
  <label>Intel Access</label>
  <select id="txtIntel" class="form-control">
    <option value="<?php echo displayData($row['intelAccess']); ?>"><?php echo BoolToLabel(displayData($row['intelAccess'])) ?> (Current)</option>
    <option value="0">No</option>
    <option value="1">Yes</option>
  </select>
  <br />
  <button class="btn btn-block btn-info btnSaveSLTUserChanges">Save Changes</button>
  <hr />
  <button class="btn btn-block btn-danger btnDeleteUser">Delete User</button>
</form>
```

Here is the code from the PHP file sending data to the database:

```php
<?php
include('./includes/init.php');

$id = displayData($_POST['id']);
$rank = displayData($_POST['rank']);
$div = displayData($_POST['div']);
$control = displayData($_POST['control']);
$slt = displayData($_POST['slt']);
$intel = displayData($_POST['intel']);

$sql = "UPDATE `users` SET `rank`='$rank',`division`='$div',`controlAccess`='$control',`sltAccess`='$slt', `intelAccess`='$intel' WHERE id = '$id';";
mysqli_query($link, $sql);
```

And here is the .js code:

```javascript
$('body').on('click', '.btnSaveSLTUserChanges', function() {

  var id = $('#addUnitsModalBody').attr("unitid");
  var rank = $('#txtUserRank').val();
  var div = $('#txtUserDiv').val();
  var control = $('#txtControl').val();
  var slt = $('#txtSLT').val();
  var intel = $('#txtIntel').val();

  var dataString = 'id=' + id + '&rank=' + rank + '&div=' + div + '&control=' + control + '&slt=' + slt + '&intel=' + intel;
  $.ajax({
    type: "POST",
    url: "./sltEditAccount.php",
    data: dataString,
    success: function(response) {
      $('#Members').load(document.URL + ' #Members');
    }
  });
});
```

Any help would be mostly appreciated.

NOTE: Before I added anything to do with Intel, the form worked fine, no issues.

Thanks, Tyler

Tyler Kay
  • I have no idea what `displayData()` does, but I can say for certain it does **not** prevent mysql injection. – Xorifelse Mar 26 '17 at 22:22
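
The handler in the question builds its UPDATE by string interpolation and discards the result of `mysqli_query()`, so a failed query is invisible to the form. A version using a prepared statement, as an added example that is not part of the original post; it assumes `init.php` provides the `$link` connection and uses a hypothetical `$_SESSION['sltAccess']` flag for the authorization check:

```php
<?php
// Added example: hardened sltEditAccount.php (not the original author's code).
// Assumes init.php provides $link (a mysqli connection).
include('./includes/init.php');

// Failed queries throw instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical authorization check: only SLT members may change access flags.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}
if (empty($_SESSION['sltAccess'])) {
    http_response_code(403);
    exit('Forbidden');
}

// Validate types up front: id is a positive integer, each flag is exactly 0 or 1.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid id');
}
$flags = [];
foreach (['control', 'slt', 'intel'] as $name) {
    $value = filter_input(INPUT_POST, $name, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 1]]);
    if ($value === null || $value === false) {
        http_response_code(400);
        exit("Invalid value for $name");
    }
    $flags[$name] = $value;
}
$rank = trim((string) ($_POST['rank'] ?? ''));
$div  = trim((string) ($_POST['div'] ?? ''));

// Placeholders keep user input out of the SQL text entirely.
$stmt = mysqli_prepare(
    $link,
    'UPDATE `users` SET `rank` = ?, `division` = ?, `controlAccess` = ?, '
    . '`sltAccess` = ?, `intelAccess` = ? WHERE `id` = ?'
);
mysqli_stmt_bind_param($stmt, 'ssiiii', $rank, $div,
    $flags['control'], $flags['slt'], $flags['intel'], $id);
mysqli_stmt_execute($stmt);

echo mysqli_stmt_affected_rows($stmt) === 1 ? 'updated' : 'no change';
```

With error reporting enabled, a schema mismatch such as a missing column raises a `mysqli_sql_exception` that shows up in the AJAX response and the server log.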

2 Answers

I don't see where the element "addUnitsModalBody" is defined

```javascript
var id = $('#addUnitsModalBody').attr("unitid");
```

Have you tried seeing the output in your browser Console, to see if it's reporting any JavaScript error?

Nawwar Elnarsh
  • this is an ajax call – kourouma_coder Mar 26 '17 at 22:34
  • No, since you are using JavaScript to track the click and POST using AJAX, the form method is irrelevant, as it's not used. Notice in your address bar it doesn't redirect you to a URL with ?queries=things&something_else=like_this – Nawwar Elnarsh Mar 26 '17 at 22:47
  • I don't know about that, it was there when the file worked okay. And no output, checked the console while trying to use the form, nothing – Tyler Kay Mar 26 '17 at 22:49
  • And no, when it closes and redirects, it just adds ? to the end of the URL – Tyler Kay Mar 26 '17 at 22:50
  • If it used the AJAX request, it shouldn't redirect or refresh the page at all, as your jQuery code just loads the response into a DIV $('#Members').load(.... – Nawwar Elnarsh Mar 26 '17 at 22:51
  • I think the first issue would be that by default the button submits the form instead of running the JavaScript code, so add type="button" as in this http://stackoverflow.com/questions/932653/how-to-prevent-buttons-from-submitting-forms – Nawwar Elnarsh Mar 26 '17 at 22:53
  • No, you should see the error in the Console. Is there anything there after you click Save Changes? – Nawwar Elnarsh Mar 26 '17 at 23:18
  • Fixed it. There was a space between sltAccess='$slt', intelAccess='$intel'. Changed it to sltAccess='$slt',intelAccess='$intel'. Now works fine. Thanks for your help tho :) – Tyler Kay Mar 26 '17 at 23:20
  • The space in the query is irrelevant; it should not make any difference with or without a space – Nawwar Elnarsh Mar 26 '17 at 23:22

Fixed it.

There was a space between

```sql
`sltAccess`='$slt', `intelAccess`='$intel'
```

Changed it to

```sql
`sltAccess`='$slt',`intelAccess`='$intel'
```

Now works fine, thanks for everyone's help, really feel a bit stupid now haha.

Qirel
Tyler Kay
  • That can't possibly be the issue, spaces like that are perfectly valid in a query. You must have changed something else, guaranteed. – Qirel Mar 26 '17 at 23:40
  • Definitely something else is the issue, I intentionally leave space after each comma in update queries – Nawwar Elnarsh Mar 27 '17 at 04:43