Update-Table function with Ajax call (POST 500 error)

Question

I am a bloody beginner, I apologize if my mistake was too stupid.

So far I cannot get my 'taskone' entry updated. After the click on the button it should be '1' in the row for the current user.

my function

    function loadDoc( user) {
console.log('aaa');
            $.ajax({

                url: "upper.php",
                type: "POST",
                data: {
                    'wp_users': user, 'taskeins': '1'
                },
                success: function(data){
                    alert(data);
                }
            });
        }

my upper.php

$con=mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (mysqli_connect_errno())
{
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$current_user = get_current_user_id();
$Username = $_POST['wp_users'];
$taskeins = $_POST['taskeins'];

$sql = "UPDATE 'wp_users' SET 'taskeins' = 1 WHERE 'id' = '$current_user'";

if (!mysqli_query($con,$sql))
{
    die('Error: ' . mysqli_error($con));
}
mysqli_close($con);

Basically the function should detect if the user has select the task. If so, 'taskeins' should get the indicator one so that it will be presented in the profile of the user.

The function gets called but that:

(function(event){loadDoc() }) is my console output. And I get a POST 500 error...

What I said - I am a total beginner. But maybe someone can help me.

Open error logs and find what's the cause of 500 error. No one will do it for you. — u_mulder, Sep 26 '17 at 16:04
500 is a server-side error. So debug the PHP and/or check your server logs to find the cause. — ADyson, Sep 26 '17 at 16:10
Turn on PHP display_errors if it isn't already to see what the issue might be. Then use your browser's developers tools -> network tab and check the request response for the error output (or hit the PHP file directly if you know how with POST and get the error output there). — Reza Karami, Sep 26 '17 at 16:13
You are also wide open to [SQL Injection attacks](https://en.wikipedia.org/wiki/SQL_injection) and should really use [Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead of concatenating your queries. Specially since you're not escaping the user inputs at all. — M. Eriksson, Sep 26 '17 at 16:13
Possible duplicate of [When to use single quotes, double quotes, and backticks in MySQL](https://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks-in-mysql) — M. Eriksson, Sep 26 '17 at 16:15

Rotimi · Answer 1 · 2017-09-26T16:32:35.150

0

As @MagnusEriksson pointed out, In MySQL, with regards to column names only, you use backticks and not quotes to escape sql reserved keywords otherwise you can leave them out.

Change your query to this:

$sql = "UPDATE `wp_users` SET `taskeins` = 1 WHERE `id` = '$current_user'";

Also you need to start using prepared statements as you are using an api (mysqli) that supports it

edited Sep 26 '17 at 16:32

answered Sep 26 '17 at 16:18

Rotimi

4,783
4
18
27

Thanks. Understood. Updated my answer – Rotimi Sep 26 '17 at 16:27

score -1 · Answer 2 · answered Sep 26 '17 at 16:17

-1

I used this, answered. enter code herefunction loadDoc( user) { console.log('aaa'); $.ajax({

            url: "upper.php",
            method: "POST",
            data: {
                'wp_users': user, 'taskeins': '1'
            },
            success: function(data){
                alert(data);
            }
        });
    }

answered Sep 26 '17 at 16:17

Ali Najafi

11
4

1

Is this an answer? What does it solve and how? And what is the difference between this and the OP's code? How does this solve the 500 error on the server side? – M. Eriksson Sep 26 '17 at 16:20

Update-Table function with Ajax call (POST 500 error)

2 Answers2