php variable not getting substituted with value

Question

I have an issue. I am sending data from javascript to PHP. In PHP the value is extracted into a variable. This value has to be substituted in the create statement. It is not getting substituted. On echoing the php variable is being read. why isn't it getting passed to the create statement? The relevant code snippets are below:

AJAX call:

$.ajax({
    type: "POST",
    url: "createTableInDB.php",
    data: 'pTblName=' + filename,
    success: function(msg){
        alert(msg);
    }
});

When I check in PHP, the filename is taken into the variable correctly.

PHP code:

$username="root";
$pass="";

try {
    $db_conn = new PDO("mysql:host=localhost;dbname=test", $username, $pass);
    // set the PDO error mode to exception
    $db_conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db_conn->setAttribute(PDO::ATTR_EMULATE_PREPARES , false);

    $tblName = stripcslashes($_POST['pTblName']);

    $sql = "CREATE table If Not Exists $tblName (
            Sl_No varchar(4) Primary Key,
            E_Name varchar(100) not null,
            EXP varchar(10) not null);";

    $db_conn->exec($sql);

    echo("Created Table");


    }
catch(PDOException $e)
{
    echo "Connection failed: " . $e->getMessage();
}

Can anyone guide me where I am wrong? I am not getting any error messages. The page just reloads and everything resets.

The function calling the function with ajax: function extractName(){ fullPath = document.getElementById('testInputFile').value;

    if (fullPath) {
        var startIndex = (fullPath.indexOf('\\') >= 0 ? fullPath.lastIndexOf('\\') : fullPath.lastIndexOf('/'));
        filename = fullPath.substring(startIndex);
        if (filename.indexOf('\\') === 0 || filename.indexOf('/') === 0) {
            // filename = filename.substring(1);
            filename = filename.substring(1, filename.lastIndexOf('.'));
        }

        //console.log(filename);
        createTableInDB(filename);
    //  Excel = readExcelFile(fullpath);
    }
   }

This function is called in the submit button of the html form

Related: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php — El Yobo, Jul 13 '17 at 05:33
Could you edit your question and show us the entire function that calls your ajax? I kinda have a feeling you're not using `preventDefault()` — icecub, Jul 13 '17 at 05:40
@AyyappanSekar There is no output at all. Nothing is returned to my success function — Pallavi Prasad, Jul 13 '17 at 05:40
@icecub this is the entire ajax function. I am just extracting the file name from a html form and passing that to PHP as I want a table created in that name — Pallavi Prasad, Jul 13 '17 at 05:42
@PallaviPrasad you mentioned that you get the file name in the variable in php script. So I guess you have no issue with the ajax function or passing the parameter to the phs script. I suggest you to hard code the table name in the query and run the same script. If it still doesn't create the table, then there could be a issue in your database. — Nimeshka Srimal, Jul 13 '17 at 05:42
I know. But what's calling it? I assume you have something like `$("#yourForm").on("submit", function(){` — icecub, Jul 13 '17 at 05:43
The filename is sent correctly. When I `echo` it in PHP, it is returned correctly. — Pallavi Prasad, Jul 13 '17 at 05:43
@NimeshkaSrimal I want the table name to be dynamic. Hence this code — Pallavi Prasad, Jul 13 '17 at 05:44
@PallaviPrasad I know. This is just to see where the issue lies :) If it creates the table when you hardcode it, then you will know that you have no problem in your query. — Nimeshka Srimal, Jul 13 '17 at 05:45
@PallaviPrasad Did you specify datatype of your posting data ? like datatype:'text' — Saad Suri, Jul 13 '17 at 05:46
There is a button which when clicked, extracts uploaded filename and passes it to the function with the ajax call. I will edit my post adding this code — Pallavi Prasad, Jul 13 '17 at 05:47
@SaadSuri You don't have to provide the datatype ( If none is specified, jQuery will try to infer it based on the MIME type of the response) — icecub, Jul 13 '17 at 05:48
We need the full `createTableInDB()` function code. Not the code that calls that function. — icecub, Jul 13 '17 at 05:49
@PallaviPrasad: I think there is no issue with the ajax call and php script as well. I tested both and i am able to they are working fine. Can you try executing a select statement and see the database connection is properly working? — Ayyappan Sekar, Jul 13 '17 at 05:49
@NimeshkaSrimal Thanks. I tried with hardcoded table name and the query is working perfectly. It is only when I make it dynamic that there is an issue — Pallavi Prasad, Jul 13 '17 at 05:50
@AyyappanSekar I think it's just as I expected from the start. He's not using `preventDefault()`. The form is being submitted normally. — icecub, Jul 13 '17 at 05:51
@icecub I have posted the entire `createTableInDB()`. That is all there is in the function. It has the ajax call only at present. — Pallavi Prasad, Jul 13 '17 at 05:51
Yes. And that's exactly what's going wrong. You're not preventing the form from being submitted normally. So Ajax is sending it, but your browser is browsing towards the PHP just as well. You need to use `preventDefault()` to stop this. — icecub, Jul 13 '17 at 05:53
@PallaviPrasad can you post your environment details? I tried your code and it works perfectly in my pc :) — Nimeshka Srimal, Jul 13 '17 at 05:55
@PallaviPrasad: If you send the filename to php script by ajax call, dont use submit button in form. Use a normal button instead and call your createTableInDB() function on click of that button. — Ayyappan Sekar, Jul 13 '17 at 05:56
Give your form a unique id like `
` Then use code like this: `$("#someid").on("submit", function(e){ e.preventDefault(); // ajax call here });` — icecub, Jul 13 '17 at 05:57
This comment thread is getting longer. What is the php version? — Nimeshka Srimal, Jul 13 '17 at 05:57
I agree. The comment section is getting to long. You know what? Put your entire code into a ZIP archive. Upload it here: http://home.icecub.nl/PairProgramming/ (read the explanation!). Then comment the invite URL here. We'll be able to join you there and work on your code together. — icecub, Jul 13 '17 at 06:00
@icecub Done. By the way. I changed the code the what you suggested. Still not working — Pallavi Prasad, Jul 13 '17 at 06:02
@PallaviPrasad Read my previous comment. Upload your code to my server. All of it. Because we won't be able to figure out what's going on like this. — icecub, Jul 13 '17 at 06:03
@PallaviPrasad Feel free to remove any sensitive information like database passwords first of course. We don't need those. — icecub, Jul 13 '17 at 06:04
@icecub the link: http://home.icecub.nl/PairProgramming/project.php?id=298347445#&togetherjs=eHRd93gVdf — Pallavi Prasad, Jul 13 '17 at 06:19
@PallaviPrasad If you accidently closed the page, just click on the link you just gave me here. It will get you back in — icecub, Jul 13 '17 at 06:24
@PallaviPrasad I need you to be there as well. I can't fix the issue without you — icecub, Jul 13 '17 at 06:35

score 1 · Answer 1 · answered Jul 13 '17 at 05:35

1

try this :

$.ajax({
    type: "get",
    url: "createTableInDB.php",
    data: 'pTblName=' + filename,
    success: function(msg){
        alert(msg);
    }
});

And your php cod edit this line :

$tblName = stripcslashes($_GET['pTblName']);

answered Jul 13 '17 at 05:35

BENY

41
9

score 0 · Accepted Answer · answered Jul 13 '17 at 09:13

0

The issue got resolved. In the PHP code, I just added the following lines:

$sql="use test";
$db_conn->exec($sql);

I added this before the create statement and it is working.

Everyone's help and guidance is much appreciated.

answered Jul 13 '17 at 09:13

Pallavi Prasad

577
2
9
28

php variable not getting substituted with value

2 Answers2