0

I am developing this where I enter enter the name of the product and the details would display in other input fields. I am able to use jquery autocomplete select the product name.

Below is my code. Please what is really wrong with my code since it works once and stop.

My HTML

<label for="inputEmail3" class="col-sm-2 control-label">Product Name</label>
<div class="col-sm-4 ui-widget">
<input type="text" class="form-control" placeholder="Name of Product" name="search_prod_name" id="search_prod_name">
<div id="product_List">
</div>
</div>

JQUERY

<script> 
$(document).ready(function(){

    $('#search_prod_name').change(function() {
        var prodd_name = $(this).val();
        $.ajax({
                url:"select_for_sell.php",
                method: "POST",
                data:{prodd_name: prodd_name},
                dataType: "JSON",

                success:function(data) {
                    $('#pro_cat').val(data.pro_cat);
                    $('#product_name').val(data.product_name);
                    $('#manu_name').val(data.manu_name);
                    $('#supp_name').val(data.supp_name);
                    $('#unit_sell_price').val(data.unit_sell_price);
                    $('#manu_dt').val(data.manu_dt);
                    $('#expiry_dt').val(data.expiry_dt);
                    $('#qty_in_stock').val(data.qty);
                }
        }); 
    }); 
}); 
</script>

My PHP

<?php 

include_once('conn/conn.php');
if(isset($_POST["prodd_name"])) {
    $query_product = "SELECT * FROM sellnsell_products WHERE product_name = '". $_POST["prodd_name"]."' ";
    $result_product = mysqli_query($cnn, $query_product);
    while($rrow = mysqli_fetch_array($result_product)) {
        $data["pro_cat"]            = $rrow["product_cat"];
        $data["product_name"]       = $rrow["product_name"];
        $data["manu_name"]      = $rrow["manu_name"];
        $data["supp_name"]      = $rrow["supp_name"];
        $data["unit_sell_price"]    = $rrow["unit_sell_price"];
        $data["qty_in_stock"]   = $rrow["qty"];
        $data["manu_dt"]            = $rrow["manu_dt"];
        $data["expiry_dt"]      = $rrow["expiry_dt"];

    }
    echo json_encode($data);
}
?>
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Kwasi Owusu
  • 11
  • 4
  • 1
    I can't see input fields like `pro_cat`,`product_name`,`manu_name` i your html – B. Desai Aug 09 '17 at 09:32
  • Also check errors in developers console. – u_mulder Aug 09 '17 at 09:34
  • 1
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Aug 09 '17 at 09:35
  • I have all the fields but I considered them long to paste all here – Kwasi Owusu Aug 09 '17 at 09:44
  • I tried the .keydown yet still not working. Regarding changing the SQL query to prepared statement, that's not an issue. Thank you tho' – Kwasi Owusu Aug 09 '17 at 10:24

1 Answers1

0

Try this change this,

$('#search_prod_name').change(function() {

to this,

$('#search_prod_name').keydown(function() {

also change your SQL query to use prepared statements using variables directly inside mySQL query opens up the system to be attacked using a MySQL injection method.

Also remove those unnecessary spaces in your PHP just keep it simple.

S4NDM4N
  • 904
  • 2
  • 11
  • 26