3

I am pretty much a beginner to all of these technologies, and I have been stuck all day on what I thought would be a fairly simple process. Basically, I'm trying to pass a parameter in a JS function through to my PHP code using AJAX, and then insert the parameter into my database.

The JS function in my .html file.

    function pushData(paramData) {
        $.ajax({
            url: "databaseStuff.php",
            type: "post",
            data: paramData
        });
    }

I wish to insert into my SQL table whatever I have put into the Parameters. For example the below code should create 3 new database entries. I have these hooked up to buttons in my actual project.

    pushData('It is Wednesday');
    pushData('My Dudes');
    pushData('AHHHHHHH!');

databaseStuff.php

    <?php

    $mysqli = new mysqli("localhost", "root", "default", "testDB");
    if ($mysqli->connect_errno) {
        echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
    }
    echo $mysqli->host_info . "<br>";

    $paramData = $_POST['paramData'];

    $sql = "INSERT INTO testDBtable (Name, Text) VALUES ('Joe', '$paramData')";

    ?>

My PHP is successfully connecting to the MySQL DB since I am getting the proper 'localhost via TCP/IP' message, however, I am getting stuck on:

"Notice: Undefined index: paramData in C:\wamp64\www\databaseStuff.php on line 23

Help is appreciated! I am not concerned with SQL injection vulnerability as this code will never leave localhost.

Dynamicron
  • You never query the `$sql` variable. You just create the string. – Qirel Sep 10 '17 at 20:29
  • You're already using an API that supports **prepared statements** with bounded variable input, you should utilize parameterized queries with placeholders (prepared statements) to protect your database against [SQL-injection](http://stackoverflow.com/q/60174/)! Get started with [`mysqli::prepare()`](http://php.net/mysqli.prepare) and [`mysqli_stmt::bind_param()`](http://php.net/mysqli-stmt.bind-param). – Qirel Sep 10 '17 at 20:29

2 Answers

1

Try writing your Ajax data parameters like this

    data: {
        'paramData': paramData
    }

Also, you never actually queried your data.

    mysqli_query($mysqli, $sql);

But with the error that you're getting, it's likely because of the ajax data parameters.

Petey Howell
  • Thanks, this solved my problem with getting my data to POST over to the PHP file. My other problem was caused by the automatic Timestamp in my database not having a default value. – Dynamicron Sep 11 '17 at 02:48
0

If you just want to correct your code, replace the AJAX query with this:

    $.ajax({
        url: "databaseStuff.php",
        type: "post",
        data: {'paramData': paramData}
    });

However, you should not concatenate user input with the SQL query directly because of SQL injection; I suggest you use parameterized queries. Here is the PHP manual page with explanation and examples.

Oleh Rybalchenko
  • XSS attacks are more of a problem on output. On input, what you're probably thinking of is SQL injection – Qirel Sep 10 '17 at 21:55
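
The prepared-statement version of `databaseStuff.php` that the comments and the second answer recommend, as an added example that is not code from the thread. The connection values, table and columns are the ones in the question; the 255-byte length limit and the response messages are assumptions. The placeholder also keeps input containing an apostrophe from breaking the INSERT, which the concatenated query would not survive even on localhost.

```php
<?php
// Added example, not from the original thread.
// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Reject requests without the field rather than reading an undefined index.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['paramData'])
    || !is_string($_POST['paramData'])) {
    http_response_code(400);
    exit('Missing paramData');
}
$paramData = $_POST['paramData'];

// Assumed limit: adjust to the real definition of the Text column.
if ($paramData === '' || strlen($paramData) > 255) {
    http_response_code(422);
    exit('paramData must be 1-255 bytes');
}

try {
    // Connection values as shown in the question.
    $mysqli = new mysqli("localhost", "root", "default", "testDB");
    $mysqli->set_charset("utf8mb4");

    // The ? placeholder sends the value separately from the SQL text,
    // so quotes in $paramData cannot change the statement.
    $stmt = $mysqli->prepare(
        "INSERT INTO testDBtable (Name, Text) VALUES ('Joe', ?)"
    );
    $stmt->bind_param("s", $paramData); // "s" = bind as string
    $stmt->execute();

    echo "Inserted " . $stmt->affected_rows . " row(s)";
    $stmt->close();
    $mysqli->close();
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; return only a generic message.
    error_log($e->getMessage());
    http_response_code(500);
    exit('Database error');
}
```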