0

I am making a page on a website in PHP where a user fills out 3 fields and hits submit. The submit button should call my AJAX function to send the data to a database connection PHP file. I can confirm the data is sent from AJAX (via an alert) and the function returns a Success. This must mean my database query file is not interpreting the data correctly. Please help me understand where I went wrong.

Code from php page where the form is:

<script type="text/javascript">
function storeInvoice() {
    //var c_name = document.getElementById('c_name');
    //var c_license = document.getElementById('c_license');                         
    //var c_licenseemail = document.getElementById('c_licenseemail');
    var data=$('#myForm').serialize();
        $.ajax({
        url: "/paydb.php",
        type: "POST",
        data: data,
        async:false,
        dataType:'html',
        success: function (value) {
            alert("Sent: "+data);
        }
    });
}
</script>

Relevant Code from Database php file:

mysqli_select_db($conn, "main_db" );

$c_license = $_POST['c_license'];
$c_name = $_POST['c_name'];
$c_licenseemail = $_POST['c_licenseemail'];

//Another method was attempted below.
//$data=$_POST['serialize'];
//$c_licenseemail = $data['c_licenseemail'];
//$c_license = $data['c_license'];
//$c_name = $data['c_name'];

$query = "INSERT INTO `invoices`(`company`, `licensenum`, `licenseemail`) VALUES ('$c_name','$c_license','$c_licenseemail');";
mysqli_query($conn, $query);

The data is sent as:

c_name=testname&c_license=3&c_licenseemail=testemail%40email.com

Any help is much appreciated!

talemyn
  • 7,822
  • 4
  • 31
  • 52
Nathan Brown
  • 217
  • 3
  • 10
  • 1
    [Have you watched the AJAX request / response in the browser's developer tools? Have you included the jQuery library in the project? Are there any errors reported? Are you running this on a web-server?](http://jayblanchard.net/basics_of_jquery_ajax.html) – Jay Blanchard Apr 19 '17 at 17:58
  • 2
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Apr 19 '17 at 17:58
  • 2
    He is using the POST method in his AJAX call @dan08 – Jay Blanchard Apr 19 '17 at 17:59
  • @dan08 serialize makes the data sent in this way, he can still retrieve the data with $_POST vars – Tushar Gupta Apr 19 '17 at 18:00
  • I saw `dataType: 'html'` in an example I was referencing. – Nathan Brown Apr 19 '17 at 18:04
  • 2
    Please, [quit using `alert()` for troubleshooting.](http://stravid.com/en/stop-the-javascript-alert-madness/), use `console.log()` instead. – Jay Blanchard Apr 19 '17 at 18:06
  • Can you print `$rawData = file_get_contents("php://input");` in php file & paste the output – Agam Banga Apr 19 '17 at 18:08
  • @AgamBanga It seems normal, Sent: c_name=testname&c_license=3&c_licenseemail=testemail – Nathan Brown Apr 19 '17 at 18:28
  • @NathanBrown Can you try this `mysqli_query($conn, $query) or die(mysqli_error($conn));` & see if it gives you any error. – Agam Banga Apr 19 '17 at 18:34
  • @AgamBanga This seems useful, ERROR: Duplicate entry '0' for key 'PRIMARY' – Nathan Brown Apr 19 '17 at 18:42
  • I have added the answer. Please check that. – Agam Banga Apr 19 '17 at 18:45

2 Answers2

4

Please use the 

mysqli_query($conn, $query) or die(mysqli_error($conn));

For duplicate key, you need to make the primary key to auto increment in your database.

Agam Banga
  • 2,708
  • 1
  • 11
  • 18
1

In your success callback function replace alert(data) with alert(value) and in your database.php file echo any of the post variables to just check whether the values are correctly sent to database.php via ajax post.

dokgu
  • 4,957
  • 3
  • 39
  • 77
Chaitanya Ghule
  • 451
  • 1
  • 5
  • 11
  • 1
    Please, [quit using `alert()` for troubleshooting.](http://stravid.com/en/stop-the-javascript-alert-madness/), use `console.log()` instead. – Jay Blanchard Apr 19 '17 at 18:06
  • The echos have the correct value. For example echo "c_license" sends back 3 if 3 was typed into that field. – Nathan Brown Apr 19 '17 at 18:12
  • It's wierd, it sent the query to the DB after making these small changes only. But it only worked twice and now no longer works. I'm confused.. – Nathan Brown Apr 19 '17 at 18:23