Value from AJAX to PHP using $_POST to update $sql_query

Question

I know that this question might have been asked before, but I can't figure it out.

AJAX is passing the selected date to PHP and it should dynamically update this $select with the data from AJAX and update the query made to teh database. But $_POST['date'] seems to be empty and nothing is happening.

AJAX

$(window).ready(function(event) {
  var today = new Date();
  var dd = today.getDate();
  var mm = today.getMonth()+1; //January is 0!
  var yyyy = today.getFullYear();
  if(dd<10){ dd='0'+dd; }
  if(mm<10){ mm='0'+mm; }
  var today = yyyy+'-'+mm+'-'+dd; // document.getElementById("DATE").value = today;
  selectedDate = today;  // selectedDate = '2016-04-17';
  var options = {
      selectedDate: selectedDate,
      onSelectedDateChanged: function(event, date) {
          var d = new Date(date);
          passDate(d);
      }
  };
  passDate(new Date(selectedDate));
  $('#paginator').datepaginator(options);});


function passDate(d) {
  date = d.getFullYear() + '-' + (d.getMonth() + 1) + '-' + d.getDate();
  console.log(date);

  $.ajax({
      data: date,
      type: "POST",
      url: "php/table_body.php"
  });};

PHP

<?php
$select = $_POST['data'];
$sql_query="SELECT * FROM users where date = '$select'";
// $sql_query="SELECT * FROM users WHERE date = '2017-05-12'";
$result_set=mysql_query($sql_query);
if(mysql_num_rows($result_set)>0)
{
      while($row=mysql_fetch_row($result_set))
  {
  ?>
      <tr>
          <td><?php echo $row[1]; ?></td>
          <td><?php echo $row[2]; ?></td>
          <td><?php echo $row[3]; ?></td>
          <td><?php echo $row[4]; ?></td>
          <td><?php echo $row[5]; ?></td>
          <td><?php echo $row[6]; ?></td>
          <td><?php echo $row[7]; ?></td>
          <td align="center"><a href="javascript:edit_id('<?php echo $row[0]; ?>')"><span class="glyphicon glyphicon-edit"> Edit</a></td>
          <td align="center"><a href="javascript:delete_id('<?php echo $row[0]; ?>')"><span class="glyphicon glyphicon-trash"> Delete</a></td>
      </tr>
   <?php
  }
}
else
{
  ?>
      <tr>
      <td colspan="5">No Data Found !</td>
      </tr>
  <?php
}

Can you help figure how to fix it. Thank you

In your javascript, where are you setting the value of date? Have you echoed $_POST['data']? echo print_t($_REQUEST[])? — Sloan Thrasher, May 12 '17 at 15:29
Also try looking at the contents of the POST request in the browser, via the Web Developer tools, to see what the JS is sending. — Monkeybrain, May 12 '17 at 15:29
Don't use the `mysql_*` functions. They have been deprecated since v5.5 (Jun 2013) and removed since v7.0 (Dec 2015). Instead use the [**mysqli_***](https://secure.php.net/manual/en/book.mysqli.php) or [**PDO**](https://secure.php.net/manual/en/book.pdo.php) functions with [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) and [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). — Alex Howansky, May 12 '17 at 15:32
Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). — Alex Howansky, May 12 '17 at 15:32
Thank you all for the comments. I am new to SQL and will definitely review my code with more recente functions. — Huander, May 12 '17 at 15:39
Sorry, I meant to know if you had done the proper POST request, **after** taking care of previous comment like ˋdata: date` and later saw you had *not* modified the JS part at that point: my mistake... — OldPadawan, May 12 '17 at 18:52

Danny · Answer 1 · 2017-05-12T17:10:47.320

2

In the ajax javascript:

data: { date: date },

You didn't define the variable key for the date.

Also change in the php

$select = $_POST['date'];

And as suggested in the comments code for SQL injection protection.

edited May 12 '17 at 17:10

answered May 12 '17 at 16:47

Danny

1,185
2
12
33

$select = $_POST['data']; echo(""); – Huander May 12 '17 at 17:03
the result is still empty – Huander May 12 '17 at 17:03
1

@Huander – Danny May 12 '17 at 17:06
What does print_r($_POST) return in the ajax? Is the $_POST['date'] empty or is the mysql query just not matching anything? – Danny May 12 '17 at 17:23

score 1 · Answer 2 · answered May 12 '17 at 16:54

1

check your parameter on $.ajax for the data, it should be like

$.ajax({
  url: "php/table_body.php",
  method: "POST",
  data: { date: date}
});

for more information visit this link for ajax ref http://api.jquery.com/jquery.ajax/

answered May 12 '17 at 16:54

Eggy

103
1
2
13

Perhaps the PHP side is wrong, I am able to see this `echo "
```
";
print_r($_POST);
echo "
```
";` on the alert, but not on the PHP page
– Huander May 12 '17 at 17:13
` $.ajax({ url: "php/table_body.php", method: "POST", data: date, success: function(data){ alert(data); } });` – Huander May 12 '17 at 17:13

Value from AJAX to PHP using $_POST to update $sql_query

2 Answers2