Ajax Form Validate Php Insert Query

Question

i'm trying to add data to database with jquery. My code is here, but its not working.

Using bootstrap form, with that form i'm trying to send input datas to specific page (in this situation, adduser.php) in that page, i'm trying to check this values to database for be sure there is no same data (i'm checking email adresses) Can you help me guys?

<script>
$(document).ready(function(){
    $('#adduser').click(function(){

        var add_name = $('#add_name').val();
        var add_surname = $('#add_surname').val();
        var add_email = $('#add_email').val();
        var add_password = $('#add_password').val();

        if(add_name == '' || add_surname == '' || add_email == '' || add_password == '' ){
            $('#add_user_error').html("<strong class='text-danger'>*** Please enter all details</strong>");
        }else{      

            $.ajax({
                url: "adduser.php",
                method: "post",
                data:{add_name:add_name,add_surname:add_surname,add_email:add_email,add_password:add_password},
                success: function(data){
                    if (data == 1) {
                $('#add_user_error').html("<strong class='text-danger'>This email have in database</strong>");              
            }else{
                $('#add_user_error').html("<strong class='text-success'>Success</strong>"); 
            }

            }               

                }); return false;       
        }
    });
});
</script>


<?php  
include ('setup.php'); //Database connection dbc


if(isset($_POST['adduser'])){

    $add_name = $_POST['add_name'];
    $add_surname = $_POST['add_surname'];
    $add_email = $_POST['add_email'];
    $add_password = $_POST['password'];


$q = "SELECT * FROM users WHERE email = '$add_email'";
$r = mysqli_query($dbc, $q);

$adduser = mysqli_fetch_assoc($r);


if($adduser['email'] !== $add_email){
    $q = "INSERT INTO users (name,surname,email,password) VALUES ('$add_name','$add_surname','$add_email','$add_password')";
    $r = mysqli_query($dbc, $q);    
}
}
?>

if(isset($_POST['adduser'])) is returning False as you never sent adduser from data part of your ajax — imox, Dec 01 '17 at 12:14
old: data:{add_name:add_name,add_surname:add_surname,add_email:add_email,add_password:add_password} new:data:{add_name:add_name,add_surname:add_surname,add_email:add_email,add_password:add_password,adduser:1}, — imox, Dec 01 '17 at 12:18
Your `$q = "INSERT INTO users (name,surname,email,password) VALUES ('$add_name','$add_surname','$add_email','$add_password')";` is vulnerable to SQL injection.. ( https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 ) — Raymond Nijland, Dec 01 '17 at 12:23
**Never** store plain text passwords. Instead use [`password_hash()`](http://us3.php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://us3.php.net/manual/en/function.password-verify.php). If you're using a version of PHP prior to 5.5, do **not** use MD5 or SHA1 to hash passwords. Instead you can use [this compatibility pack](https://github.com/ircmaxell/password_compat). — Alex Howansky, Dec 01 '17 at 14:48

score 4 · Accepted Answer · answered Dec 01 '17 at 12:22

4

There could be any other mistake too but I think you need to send adduser from ajax. Then only $_POST['adduser'] will be true (it is false now, as it isn't set)

Replace your data line with line below and try

data:{add_name:add_name,add_surname:add_surname,add_email:add_email,add_password:add_password,adduser:1}

answered Dec 01 '17 at 12:22

imox

1,544
12
12

Yeap, this is it. Thanks – Nihat Özyedi Dec 01 '17 at 12:28

score 0 · Answer 2 · answered Dec 01 '17 at 12:30

0

In your ajax code pass your form data using serialize method

$.ajax({
        url: "adduser.php",
        method: "post",
        data:$('#yourformid').serialize(),
        /* your remaining code as it is  */

answered Dec 01 '17 at 12:30

Bhupendra Mistry

598
3
11

Ajax Form Validate Php Insert Query

2 Answers2