1

Situation

I've got a working script that sends an ajax request to get_code.php. This script is run from the main page - index.php. The get_code.php script queries my MySQL DB for a row and then sends back the data to index.php.

Current code

jQuery in index.php

<script type="text/javascript">
$("#Code").click(function(){
    var cde = $("#codeinput").val();
        $.ajax({
            method:'POST',
            url:'get_code.php',
            data: {va_code:cde},
            dataType: 'json',
            success: function(output_string){
                    $('#rtable').append(output_string);
                    $("#codeinput").val('');
                    var prc = $(".price:last");
                    prc.focus();
            }
        });
});    
</script>

PHP script get_code.php

<?php
include('dbc.php');
$code = $_POST['va_code'];
$cq = mysql_query("SELECT * FROM variants where va_code='$code'")or die(mysql_error());
  if(!$cq){
mysql_close();
echo json_encode('There was an error running the query: ' . mysql_error());
  }elseif(!mysql_num_rows($cq)){
mysql_close();
echo json_encode('No results returned');
  }else{
$output_string = '';
$output_string .= '<tr>';
while($row = mysql_fetch_assoc($cq))
{        
     $output_string .= '<td>'.$row['cost'].'</td>';
//etc. etc. lots more output here
}
     $output_string .= '</tr>';
}
mysql_close();
echo json_encode($output_string);
?>

Problem

However, if no results are found for the query, nothing is returned on the page to notify the user. Ideally I'd like to open a modal, or display a div in which I can use the data the user input. I just can't work out for the life of me how to check if $cq returns no results, and if so then to display something on index.php like a notification saying 'Your code was not found'.

Appreciative of any help

jg2703
  • 169
  • 4
  • 20
  • Your code is vulnerable to SQL injection attacks. You should use [mysqli](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) or [PDO](http://php.net/manual/en/pdo.prepared-statements.php) prepared statements as described in [this post](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky Apr 07 '17 at 15:52
  • The `mysql_*` functions are deprecated as of PHP v5.5 and have been removed as of v7.0. They should not be used for new code and should be swapped out for [mysqli](http://php.net/manual/en/book.mysqli.php) or [PDO](http://php.net/manual/en/book.pdo.php) equivalents as soon as possible. – Alex Howansky Apr 07 '17 at 15:52
  • you should definately use prepared statements, plus error_reporting(E_ALL); ini_set('display_errors', 1); and sanitize user input values. Beside that, you have a request in get_code.php -> if ($stmt->num_rows > 0) { // do stuff here // } else { echo"false"; } -> use the response "false" in ajax 'success' to do whatever you need... – OldPadawan Apr 07 '17 at 15:53
  • Thanks for the heads up @AlexHowansky – jg2703 Apr 07 '17 at 15:53

1 Answers1

0

You could return a result flag. This is a good logic and easy to understand.

If no row was found : 

die(json_encode(['result' => false, 'error' => 'No code was found']));

If some code found : 

die(json_encode(['result' => true, 'output' => $output_string]));

And in js : 

...
success: function(data){
    if (!data.result) {
        alert(data.error);
    } else {
        $('#rtable').append(data.output);
        $("#cmtcodeinput").val('');
        var prc = $(".price:last");
        prc.focus();
    }
}
...

Hope it helps.

JazZ
  • 4,469
  • 2
  • 20
  • 40