What I'm trying to achieve here is that whenever the user clicks on a radio button, it changes the task's status accordingly.

<input type="radio" name="status"
<?php if($task->status == 'todo'){echo('checked');}?>
onchange = "change('todo')">Todo

<input type="radio" name="status"
<?php if($task->status == 'doing'){echo('checked');}?>
onchange = "change('doing')">Doing

<input type="radio" name="status"
<?php if($task->status == 'done'){echo('checked');}?>
onchange = "change('done')">Done

<script>
  function change(status){
  $.ajax({
      url: "/changeStatus.php/",
      type: "POST",
      data: { 'status': status, 'task_id': '<?php echo($task->id); ?>' },                   
  });
  }
</script>

And in my "changeStatus.php" file:

<?php
    dd($_GET['status']);
    $con=mysqli_connect("127.0.0.1","root","","project_management");
    // Check connection
    if (mysqli_connect_errno()){
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

    $status = $_POST['status'];
    $task_id = $_POST['task_id'];
    dd($status,$task_id);
    $sql = "UPDATE 'tasks' SET 'status' = '$status' WHERE 'id' = 'task_id'";

    if (!mysqli_query($con,$sql))
    {
        die('Error: ' . mysqli_error($con));
    }

    mysqli_close($con);

?>

The problem is that the database is not updated when I click on the radio buttons, and there's no error either! Any help is appreciated!

Note: the reason why "laravel" is in the tags is that when I changed it to use the POST method (which should be the correct method), it returns an error in my app.js file (from Laravel).

Conclusion: Thanks to the answer by Loren below (approved), I also made some changes to the code, as follows:
- in my changeStatus.php I removed the dd and var_dump functions, as they were creating errors
- changed the submission method from GET to POST
- and fixed the query into:

$sql = "UPDATE tasks SET status = '$status' WHERE id = '$task_id'";
Kevin fu
  • so what do you get when you do **`dd($status)`** – linktoahref Mar 29 '17 at 10:24
  • why is this tagged with laravel? this seems plain php? – Christophvh Mar 29 '17 at 10:45
  • @linktoahref nothing happens, the website stays on the same page too. – Kevin fu Mar 29 '17 at 14:18
  • @Christophvh reason is now stated in my question. – Kevin fu Mar 29 '17 at 14:32
  • Watch this: https://laracasts.com/series/laravel-from-scratch-2017 , because although it works, this code has a lot of issues and is not how you use Laravel. You need to learn the basics first. – Christophvh Mar 30 '17 at 07:42
  • @Christophvh can you clarify the issues in my code above? i really need it. – Kevin fu Mar 30 '17 at 07:54
  • Like I said, too much to explain. Click on the link and start watching, or read the documentation (https://laravel.com/docs/5.4/database). Your changestatus.php file is not using anything from Laravel. It also has a lot of security leaks. That's just plain PHP code. – Christophvh Mar 30 '17 at 08:02

1 Answer

It seems to me that your problem is here:

$sql = "UPDATE 'tasks' SET 'status' = '$status' WHERE 'id' = 'task_id'";

should be

$sql = "UPDATE 'tasks' SET 'status' = '$status' WHERE 'id' = '$task_id'";

Note: This is not the Laravel way to edit a database entry and is a very insecure way to run database queries. Please, please, validate status and task_id so you don't get database injection attacks. (It does, however, seem to be a Laravel view.)

Loren
  • Thank you so much, it works now! (Also updated my method from GET to POST.) Turns out it's just a missing '$', typical mistake (so embarrassed). And yes, I'm going to use this new updated data in a Laravel view. – Kevin fu Mar 29 '17 at 14:52
  • Just switching from GET to POST won't help. Someone can easily set task_id to be 1' or '1' = '1 and it would change all the rows in your table. Please see this question to help secure your queries: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Loren Mar 29 '17 at 15:38
  • See also the PHP page http://php.net/manual/en/security.database.sql-injection.php – Loren Mar 29 '17 at 15:46
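
An added example, not part of the original question or answer: one way to write changeStatus.php with the input validation and parameterized query that the answer and its comments call for. It assumes `tasks.id` is an integer column and that the three radio values are the only valid statuses; `validate_input` is a hypothetical helper name.

```php
<?php
// changeStatus.php - added example, not the asker's or answerer's code.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

const ALLOWED_STATUSES = ['todo', 'doing', 'done']; // the three radio values on the page

/** Returns [status, taskId], or null when either field is invalid. */
function validate_input(array $post): ?array
{
    $status = $post['status'] ?? null;
    if (!is_string($status) || !in_array($status, ALLOWED_STATUSES, true)) {
        return null;
    }
    // Assumption: id is an integer key. A value such as "1' or '1' = '1"
    // fails this check before any SQL is built.
    $taskId = filter_var($post['task_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($taskId === false) {
        return null;
    }
    return [$status, $taskId];
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('POST required');
}

$input = validate_input($_POST);
if ($input === null) {
    http_response_code(400);
    exit('Invalid status or task_id');
}
[$status, $taskId] = $input;

// Connection values as in the question; prefer a least-privileged account.
$con = new mysqli('127.0.0.1', 'root', '', 'project_management');
$con->set_charset('utf8mb4');

// Placeholders keep the submitted values out of the SQL text entirely.
$stmt = $con->prepare('UPDATE tasks SET status = ? WHERE id = ?');
$stmt->bind_param('si', $status, $taskId);
$stmt->execute();

// 0 rows: no such task, or the status was already set to this value.
echo json_encode(['updated' => $stmt->affected_rows]);
$stmt->close();
$con->close();
```

The allow-list and the bound parameters are independent layers: the prepared statement alone stops the injection, and the validation rejects malformed requests with a 400 before the database is touched.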