So I have a PHP file that prints data from a table encoded in JSON format.

This is the php file:

<?php
include "db.php";
 $id=$_POST['id'];
$data=array();
$q=mysqli_query($con,"select * from `sitios` where `id_sitio`='$id'");

while ($row=mysqli_fetch_object($q)){
 $data[]=$row;
}

if($q)
 echo "success";
 else
 echo "error";
 }

echo json_encode($data);
?>

This is the javascript script:

$(document).ready(function() {
        var id = decodeURI(getUrlVars()["id"]);
         var dataString = "id=" + id;
        $.ajax({
                type: "POST",
                url: "http://pedrofidalgo.pt/bilapoint/listar_sitio_single.php",
                data: dataString,
                crossDomain: true,
                cache: false,
                success: function(data) {
                    if (data == "success") {
                                    $.getJSON(url, function(result) {
                                        console.log(result);
                                        $.each(result, function(i, field) {
                                            var id = field.id_sitio;
                                            var nome = field.nome;
                                            var descricao = field.descricao;
                                            var img = field.img;
                                            var morada = field.morada;
                                            var coordenada_x = field.coordenada_x;
                                            var coordenada_y = field.coordenada_y;
                                            document.getElementById("titulo").innerHTML =  nome;
                                            document.getElementById("desc").innerHTML =  descricao;
                                            document.getElementById("morada").innerHTML =  morada;
                                                }); 
                                            });
                    } else if (data == "error") {
                        alert("error");
                    }
                }
            });

    });

So basically I have a page where I have all items from the database select (list_all.php), and then when I click on a single item, the ID of that item is passed on the URL, and I retrieve it on the other side with JavaScript. I don't use GET because this is with PhoneGap, so I use a .js file called getURI.js.

First, the function gets the ID that was passed. Then it posts to the PHP file, and the PHP file will get the ID, and make the query for that single item on the database. If it succeeds, I wanted to store all that data in variables. But for some reason, I'm getting an error on the console saying

POST http://192.168.1.241:3000/proxy/http%3A%2F%2Fpedrofidalgo.pt%2Fbilapoint%2Flistar_sitio_single.php 500 (Internal Server Error)

The server is responding correctly because other scripts on the app are working.

  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 04 '17 at 19:31
  • Check the Apache error logs. What do they say? – Agam Banga May 04 '17 at 19:42
  • @AgamBanga I don't think I have access to that... But is everything right with my code? Basically the script gets the id passed on the URL, posts to the PHP file, the PHP file gets the ID, queries the database about that ID, and returns JSON data. Then the $.getJSON function handles the data into variables... – Emerenciana May 04 '17 at 19:47
  • Can you print `echo("Error description: " . mysqli_error($con));` after the ``$q=mysqli_query($con,"select * from `sitios` where `id_sitio`='$id'");``? – Agam Banga May 04 '17 at 19:50
  • @AgamBanga it doesn't echo anything, because the PHP file is never "opened", it's just called by the JavaScript function that is on another page... – Emerenciana May 04 '17 at 19:58
  • are you behind some proxy? – Agam Banga May 04 '17 at 20:00
  • @AgamBanga no, not at all... I can call other PHP files from the same FTP folder and it works just fine... I have other JS scripts on the same page, calling other PHP files in the same folder, and it works. It has to be something with this PHP/JS script – Emerenciana May 04 '17 at 20:02
  • What a strange URL you are sending the POST request to. It looks like a concatenation of two different URLs – Alexey Chuhrov May 04 '17 at 20:06
  • @DanMiller but I have other PHP scripts in the same directory and they all work fine... – Emerenciana May 04 '17 at 20:14
  • I managed to get it working, but now I'm getting url not defined on the JS script, after the "$.getJSON(" – Emerenciana May 04 '17 at 20:17
  • remove the `$.getJSON`. In ajax success callback, `console.log(data)` – Agam Banga May 04 '17 at 20:19
  • @AgamBanga I know why I'm getting the url not defined, because I have to get the JSON from the ajax call I just did, not from the URL; because if I get the JSON from the url var again, it will not have the information I want since the id was not passed on. Can you help me out on getting the JSON the PHP file answered after the ajax post? – Emerenciana May 04 '17 at 20:31
  • @Emerenciana added the answer. Please check if it works for you. – Agam Banga May 04 '17 at 20:42

1 Answer

In PHP

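<?php
    include "db.php";
    // The value comes straight from the client, so it is bound as a parameter
    // below instead of being interpolated into the SQL string.
    $id = isset($_POST['id']) ? $_POST['id'] : '';
    $data = array();

    // Prepared statement: the query text is fixed and $id is sent as data.
    $stmt = mysqli_prepare($con, "select * from `sitios` where `id_sitio` = ?");
    $q = false;
    if ($stmt && mysqli_stmt_bind_param($stmt, "s", $id) && mysqli_stmt_execute($stmt)) {
        $q = mysqli_stmt_get_result($stmt); // requires the mysqlnd driver
    }

    // Only fetch rows when the query succeeded.
    if ($q) {
        while ($row = mysqli_fetch_object($q)) {
            $data[] = $row;
        }
        echo json_encode(array('status' => true, 'data' => $data));
    } else {
        echo json_encode(array('status' => false, 'data' => $data));
    }
?>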

In Jquery

$(document).ready(function() {
        var id = decodeURI(getUrlVars()["id"]);
        var dataString = "id=" + id;
        $.ajax({
                type: "POST",
                url: "http://pedrofidalgo.pt/bilapoint/listar_sitio_single.php",
                data: dataString,
                crossDomain: true,
                cache: false,
                success: function(data) {
                    data = JSON.parse(data);
                    if (data['status']) {
                         $.each(data['data'], function(i, field) {
                            var id = field.id_sitio;
                            var nome = field.nome;
                            var descricao = field.descricao;
                            var img = field.img;
                            var morada = field.morada;
                            var coordenada_x = field.coordenada_x;
                            var coordenada_y = field.coordenada_y;
                            document.getElementById("titulo").innerHTML =  nome;
                            document.getElementById("desc").innerHTML =  descricao;
                            document.getElementById("morada").innerHTML =  morada;
                        });
                    } else {
                        alert("error");
                    }
                }
        });
    });
Agam Banga
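
An added example, not part of the answer above: one way to consume the `{status, data}` envelope on the client so that a non-JSON body (such as the question's original output, where `success` is printed in front of the JSON) is rejected instead of throwing from `JSON.parse`, and so that fields are written as text. The function names, the sample bodies and the assumption that `id_sitio` is a positive integer are illustrative and do not come from the original post.

```javascript
// Added example. Assumptions (not from the original post): id_sitio is a
// positive integer; buildPostBody, parseSitioResponse and renderSitio are
// hypothetical helper names.

// Validate and encode the id instead of concatenating it raw into the body.
function buildPostBody(rawId) {
  var id = String(rawId).trim();
  if (!/^[0-9]+$/.test(id)) {
    throw new Error("id must be a positive integer");
  }
  return "id=" + encodeURIComponent(id);
}

// Parse the response text; fail closed on anything that is not the envelope.
function parseSitioResponse(text) {
  var parsed;
  try {
    parsed = JSON.parse(text);
  } catch (e) {
    return { ok: false, rows: [], error: "response is not JSON" };
  }
  if (parsed === null || typeof parsed !== "object" ||
      parsed.status !== true || !Array.isArray(parsed.data)) {
    return { ok: false, rows: [], error: "unexpected envelope" };
  }
  return { ok: true, rows: parsed.data, error: null };
}

// Write fields as text so stored values are never interpreted as markup.
function renderSitio(doc, row) {
  doc.getElementById("titulo").textContent = String(row.nome);
  doc.getElementById("desc").textContent = String(row.descricao);
  doc.getElementById("morada").textContent = String(row.morada);
}

// Constructed sample bodies: the answer's envelope, and the question's
// original output with "success" printed in front of the JSON array.
var SAMPLE_OK = '{"status":true,"data":[{"id_sitio":"7","nome":"Praca",' +
                '"descricao":"<b>x</b>","morada":"Rua A"}]}';
var SAMPLE_MIXED = 'success[{"id_sitio":"7"}]';
```

In the answer's `success` callback, `parseSitioResponse(data)` would replace the bare `JSON.parse(data)` call, and `renderSitio(document, row)` would replace the three `innerHTML` assignments.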