-1

After one whole day of trying various things I learned from other threads, I still can't get my code to work. I'm basically just trying to send data from a JavaScript function to a localhost database (server created using AMPPS).

Currently, I have a JavaScript file with the following function:

function WritetoDB() {
    alert('Reached. No problem getting here.');
    $.get("savedata.php");
}

I've also tried $.post, $.ajax, (with their appropriate parameters and such) but none of them seem to work either. Originally, the function was supposed to receive and pass on some variables that need to be stored on the database, but I'm trying to get it to work first before passing on any variables.

This is the 'savedata.php':

<?php
$servername = "localhost";
$username = "root";
$password = "mysql";
$databaseName = "database";
$tableName = "table";

$conn = new mysqli($servername, $username, $password);

$A = mysqli_real_escape_string($conn, 'this is A');
$B = mysqli_real_escape_string($conn, 'this is B');
$C = mysqli_real_escape_string($conn, 'this is C');

$sql = "INSERT INTO `database`.`table` (columnA,columnB,columnC)
    VALUES ('$A', '$B', '$C')";

$conn->close();

I tried executing the PHP code in the index.php file and it works (data was sent to the database). However, it doesn't work when I'm trying to call it from a function in the JavaScript file. Most solutions from guides/forums I referred to seems to work for others, but not on mine.

Any help is greatly appreciated and thank you in advance.

Muhammad Omer Aslam
  • 22,976
  • 9
  • 42
  • 68
anon7
  • 3
  • 1
  • Don't rely on the `real_escape_string()` functions to prevent SQL injection, [they alone are not sufficient](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string). You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Nov 22 '17 at 23:47
  • Just a question: You're using JQuery functionality. Have you included all the JQuery files correctly? – KIKO Software Nov 22 '17 at 23:48
  • show code online – Ali Nov 22 '17 at 23:48
  • can you show your current code how you are send data to the php file ? – Muhammad Omer Aslam Nov 22 '17 at 23:50
  • Inspect the actual request in browser dev tools network to see if it is succeeding. If not what is the status? – charlietfl Nov 22 '17 at 23:58
  • @KIKOSoftware There are other functions that use jquery calls ($.ajax) and it works fine so I assume all the JQuery files are included correctly? – anon7 Nov 23 '17 at 10:53
  • @MuhammadOmerAslam The code to send data haven't been built yet as I'm still trying to get the PHP file to save the data ($A,$B,$C). For now, the function WritetoDB was successfully called as the alert was fired. Then, no matter what I tried, no data was saved to the database. I'm unsure if the PHP file was even executed or not. – anon7 Nov 23 '17 at 10:57
  • does running the php file alone with some dummy / predefined values work correctly?, which i donot think so , i just added the fix for your code see if that helps you out @anon7 – Muhammad Omer Aslam Nov 23 '17 at 11:24

1 Answers1

0

In such conditions it is preferred that you try to run the php code standalone with some predefined / dummy values to check if it is working correctly or sending appropriate response that we need from it.

To troubleshoot your php file not saving data into the database first of all you need to do the following.

Remove syntax error on these line 

$B = mysqli_real_escape_string(($conn, 'this is B'));
$C = mysqli_real_escape_string(($conn, 'this is C'));

because of extra parenthesis wrapped change them to 

$B = mysqli_real_escape_string($conn, 'this is B');
$C = mysqli_real_escape_string($conn, 'this is C');

then you are not using the database parameter in you connection change the line

$conn = new mysqli($servername, $username, $password);

to

$conn = new mysqli($servername, $username, $password,$databaseName);

after that you need to execute this query which is the main thing in the insertion of the data into the database, which you are missing kindly add these line before the $conn->close()

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

see here for basic help on how to connect php and mysql database and insert data with sql query

w3schools

Muhammad Omer Aslam
  • 22,976
  • 9
  • 42
  • 68