
I am trying to get the results array from a function with sql query in the file functions.php through Ajax. Could someone help me out? I post the code:

In the file functions.php

```php
function my_action(){
    global $wpdb;

    $tablename = $wpdb->prefix . 'rg_lead_detail';
    $lead_id = $_POST['fieldvalue'];  // This variable will get the POST 'fieldvalue'
    $form_id = 21;

    $sql = "SELECT * FROM $tablename WHERE lead_id = %d AND form_id= %d";

    $results = $wpdb->get_results( $wpdb->prepare( $sql, $lead_id, $form_id ), ARRAY_A );

    return $results;
}
```

In my JavaScript file:

```javascript
(function($){
    $(document).ready(function() {
        $('#input_12_153').change(function (){
            if ($('#input_12_153').attr("value") == 'no-selection'){
                $('#input_12_48').val( '' );
            }
            else{
                var valor = $('#input_12_153').attr("value");
                jQuery.ajax({ // We use jQuery instead of the $ sign, per WordPress convention.
                    url : '/optcat/wp-admin/admin-ajax.php', // This address will redirect the query to the functions.php file, where we coded the function that we need.
                    type : 'POST',
                    data : {
                        action : 'my_action',
                        fieldvalue : valor,
                    },
                    success: function( response ) {
                        alert(response);
                    }
                });
            }
        });
    });
})(jQuery);
```
εtiena
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 04 '17 at 19:33
  • Is it safe enough now? `$lead_id = $_POST['fieldvalue']; // This variable will get the POST 'fieldvalue'` `$form_id = 21;` `$sql = "SELECT * FROM $tablename WHERE lead_id = %d AND form_id= %d";` `$results = $wpdb->get_results( $wpdb->prepare( $sql, $lead_id, $form_id ), ARRAY_A );` – εtiena May 04 '17 at 20:16
  • What should the result look like? – Oliver F. May 04 '17 at 22:06
  • My problem is that the SQL query gives me an array. I would like to pass that array to the JavaScript and populate some fields of the form. However, I cannot pass the array; I got array0 or undefined... The array is not empty; with var_dump I could see what it contains. – εtiena May 05 '17 at 06:58
  • This is what I get. How do I get every single value? `[{"value":"ASSL 990"},{"value":"Livorno"},{"value":"Gigi Simoni"},{"value":"gigio@simoni-livornese.it"},{"value":"dffo"},{"value":"s@optio.com"}]0` – εtiena May 05 '17 at 07:10
  • And what about parsing it as JSON and using this JSON directly in JS? – Oliver F. May 10 '17 at 18:23
  • Add this in functions.php: `add_action("wp_ajax_my_action", "my_action");` `add_action("wp_ajax_nopriv_my_action", "my_action");` – Ravi Sukhadia May 12 '17 at 11:57
  • [Please do not ask the same question repeatedly](https://stackoverflow.com/questions/43799698/how-to-get-the-array-from-php-to-javascript-through-ajax-and-json). This is regarded as noise on Stack Overflow. If your question is closed as unanswerable or did not attract responses, then the first thing to do is to *improve the question*; some guidance for this is [given here](http://stackoverflow.com/help/how-to-ask). Low-quality or unanswerable questions will typically be closed, but can be re-opened if improved or clarified (as appropriate). – Matt May 27 '17 at 10:53

0 Answers
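One way to write the `my_action` handler so that it returns clean JSON and checks who is asking before it reads lead rows. This is an added example, not code from the thread or from any plugin. The nonce action `my_action_nonce`, the `nonce` POST field and the `edit_posts` capability are assumptions; the table, `form_id` and `fieldvalue` are taken from the question.

```php
<?php
// Added example (not code from the thread). Assumed names: the nonce action
// 'my_action_nonce', the 'nonce' POST field and the 'edit_posts' capability.

add_action( 'wp_ajax_my_action', 'my_action' );
// Registering wp_ajax_nopriv_my_action as well would let logged-out visitors
// read lead rows, so it is left out here.

function my_action() {
    global $wpdb;

    // Reject requests that do not carry a nonce issued to this session (CSRF check).
    check_ajax_referer( 'my_action_nonce', 'nonce' );

    // Authorization: a nonce only proves where the request came from, not that
    // this user may read lead data. The capability used here is an assumption.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // Validate before querying: lead_id must be a positive integer.
    $lead_id = isset( $_POST['fieldvalue'] ) ? absint( wp_unslash( $_POST['fieldvalue'] ) ) : 0;
    if ( 0 === $lead_id ) {
        wp_send_json_error( array( 'message' => 'Invalid lead id' ), 400 );
    }
    $form_id = 21;

    // The table name comes from $wpdb->prefix, never from the request; both
    // values are bound through prepare() with %d. Only `value` is selected.
    $tablename = $wpdb->prefix . 'rg_lead_detail';
    $results   = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT value FROM $tablename WHERE lead_id = %d AND form_id = %d",
            $lead_id,
            $form_id
        ),
        ARRAY_A
    );

    // wp_send_json_success() sets the JSON content type, prints
    // {"success":true,"data":[...]} and exits, so admin-ajax.php does not
    // append its default "0" to the body.
    wp_send_json_success( $results );
}
```

The page script has to send the nonce as the `nonce` field, for example by creating it with `wp_create_nonce( 'my_action_nonce' )` and passing it to the script with `wp_localize_script()`. On the client, write the returned values into the form with `.val()` or `.text()` rather than `.html()`, since they are user-submitted data.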