1

yes, i know there is already this kind of question, but i still don't get what i'm doing wrong...

Basically i'm doing a simple Ajax post in jquery to a PHP page, but the xhr status returns me HTTP 500

here the code:

    function Register(mailval) {
    var dataString = 'email1=' + mailval;

AJAX

    // AJAX code to submit form.
    $.ajax({
    type: "POST",
    url: "register.php",
    data: dataString,
    cache: false,
    success: function(data) {
        alert(data);
        $(".modal-body").html('');
        $(".modal-body").html(data);
    },
      error: function (xhr, ajaxOptions, thrownError) {
        console.log(xhr.status);
        console.log(thrownError);
      }     
    });

}

PHP

<?php
$email2 = $_POST['email1'];
$connection = mysqli_connect("127.0.0.1", "user", "psw"); 
$db = mysql_select_db("wnarshix_contatti_form", $connection);
if (isset($_POST['email1'])) {
    $query = mysql_query("insert into user_registered(mail) values ('$email2')");
    echo "Grazie per esserti registrato";
}
mysqli_close($connection); 
?>

i'm not using mysqli properly?

Leo
  • 7,274
  • 5
  • 26
  • 48
Pds Ink
  • 765
  • 2
  • 12
  • 38
  • 3
    Don't use the `mysql_*` functions. They have been deprecated since v5.5 (Jun 2013) and removed since v7.0 (Dec 2015). Instead use the [**mysqli_***](https://secure.php.net/manual/en/book.mysqli.php) or [**PDO**](https://secure.php.net/manual/en/book.pdo.php) functions with [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) and [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). – Alex Howansky Jun 30 '17 at 18:24
  • 3
    Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Jun 30 '17 at 18:24
  • when you run your php script on its own, do you get any errors, that can throw an 500 error if you use it from javascript – unixmiah Jun 30 '17 at 18:29
  • wrap the mysql_query with a try/catch, probably there is some error there – Sampgun Jun 30 '17 at 18:30
  • 1
    500 error means the script is failing. Check your server error log. – Barmar Jun 30 '17 at 18:32
  • Does the page with your javascript on show https in the address bar? https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy – pokeybit Jun 30 '17 at 18:33
  • Pop a space in mysql `user_registered(mail)` – pokeybit Jun 30 '17 at 18:36

0 Answers0