0

i am troubleshooting with update row using AJAX. When i click submit button, the value of poke increases +1 and i need it to update in DB also. Everything needs to work with AJAX. Currently my code works only +1 to poke input with ajax but DB row still not updating. HTML:

 <?php
                    $result = $mysqli->query("SELECT * FROM users") or die($mysqli->error);
                    while ($users = $result->fetch_assoc()) {
                        ?>
                        <form class="table" name="table" id="table" method="post" enctype="multipart/form-data" autocomplete="off" data-counter="<?php echo $users['id']?>">
                            <div class="Table-row" id="table">
                                <div class="Table-row-item" data-header="Header1"><input class="clear" type="text" name="first_name" id="first_name" value="<?php echo $users['first_name'] ?>"></div>
                                <div class="Table-row-item" data-header="Header2"><input class="clear" type="text" name="last_name" id="last_name" value="<?php echo $users['last_name'] ?>"></div>
                                <div class="Table-row-item" data-header="Header3"><input class="clear" type="text" name="email" id="email_<?php echo $users['email']?>" value="<?php echo $users['email'] ?>"></div>
                                <div class="Table-row-item" data-header="Header4"><input class="clear" type="text" name="poke" id="poke_<?php echo $users['id']?>" value="<?php echo $users['poke']?>"></div>
                                <div class="Table-row-item" data-header="Header5"><input class="poke" type="submit" value="Poke" id="submit" name="submit"></div>
                                <input class="clear" type="hidden" id="hidden" name="hidden" value="<?php echo $users['email']?>">
                            </div>
                        </form>
                                        <?php 
                                      } ?>

PHP: 

<?php
require 'db.php';
if (isset($_POST['submit'])) {
$poke = $mysqli->escape_string($_POST['poke']);
    $email = $mysqli->escape_string($_POST['email']);
    $mysqli->query("UPDATE users SET poke='$poke' WHERE email='$email'") or die($mysqli->error);
}

AJAX:

$(document).ready(function () {
    $('form').on('submit', function (e) {
        var id = $(this).attr('data-counter');
        e.preventDefault();
        $.ajax({
            type: "post",
            data: $(this).serialize(),
            url: "update.php",
            success: function () {
                var counter = parseInt($("#poke_"+id).val()); // Use form's inner #poke
                counter++;
                $("#poke_"+id).val(counter);
                alert("form was submited on: " + id);
            }
        });
        return false;
    });
});
Modestas Pruckus
  • 1
  • 1
  • 1
    Why not just `SET poke = poke+1` instead of passing the number in? That way it doesn't get cached. Also, you are wide open for SQL injection. Since you're using mysqli, take advantage of [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [bind_param](http://php.net/manual/en/mysqli-stmt.bind-param.php). – aynber Jun 20 '17 at 14:04
  • Why i am wide open for injection? Does escape_string doesn't solve it? – Modestas Pruckus Jun 20 '17 at 14:10
  • 1
    No, even escape_string isn't foolproof. The best way is to use prepared statements. [Here is some good information about it](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – aynber Jun 20 '17 at 14:12
  • [Have you watched the AJAX request / response in the browser's developer tools? Have you included the jQuery library in the project? Are there any errors reported? Are you running this on a web-server?](http://jayblanchard.net/basics_of_jquery_ajax.html) – Jay Blanchard Jun 20 '17 at 14:24

1 Answers1

0

Not enough info. You need to do more diagnostics.

E.g: Dump the SQL statement to the output so you can check it is what you expect it to be.

And run the SQL in, e.g. phpAdmin to check if it updates.

You may have a problem in the email string, which could be caused by, say, different character encodings between AJAX and the DB. Probably both should use UTF8.

RobertB
  • 1