PHP, MySQL and AJAX: Storing selected elements in a database

Question

I have multiple elements with checkboxes; on selecting a box, I want to store some of its attributes passed via the ajax data parameter into a database table. Here's an example of the JS and html markup.

$("input[type="submit"]").live("change", function() {
    if($(this).is(":checked")) {
        $.ajax({
            type: 'post',
            url: 'fetch.php',
            data:
                {
                    id: $(this).attr('id'),
                    checked: 'yes'
                }
        })
    }
})

<li>
  <label for="one"></label>
  <input type="checkbox" name="one" id="one">
</li>
<li>
  <label for="two"></label>
  <input type="checkbox" name="two" id="two">
</li>
<li>
  <label for="three"></label>
  <input type="checkbox" name="three" id="three">
</li>

However, as a PHP and mysql newbie, after succesfully connecting to my mysql table, I got stuck on the actual PHP code. The following doesn't do anything and I'm struggling to proceed.

<?php
if(isset($_POST['id'])){
  if (is_array($_POST['id'])) {
    foreach($_POST['id'] as $value){
      $query = "INSERT INTO my_table VALUES ". $value. ";";
      mysql_query($query) or die(mysql_error());
    }
  } else {
      echo "nothing checked";
  }
}
?>

Any help would be greatly appreciated.

It looks like $_POST['id'] will never be an array because each time you click a checkbox it sends exactly one id field. — James, Jan 31 '18 at 22:16
What version of jQuery are you using? `.live()` was deprecated in 1.7 and removed in 1.9. You should use `.on()` for event delegation. — Barmar, Jan 31 '18 at 22:21
I don't think the `change` event fires on submit buttons. You should be using `click`. And submit buttons can't be checked. — Barmar, Jan 31 '18 at 22:24
That should be `$("#formid").on("click", ":checkbox", function() { ... })` — Barmar, Jan 31 '18 at 22:25
@Barmar, yes or some such, I was editing my comment as you added yours, the "submit" point remains valid, no form to submit here in the OP post...can/should we assume that? Not sure. — Mark Schultheiss, Jan 31 '18 at 22:29

score 0 · Answer 1 · answered Jan 31 '18 at 22:11

0

Your INSERT query is not well formated.

Try something like this :

$query = "INSERT INTO my_table (column_name) VALUES ('". $value. "')";

Important note : Your code is vulnerable to SQL injections and may compromise the security of your database. You should use PDO or mysqli APIs to secure your SQL queries, and using prepare function.

answered Jan 31 '18 at 22:11

Syscall

19,327
10
37
52

Don't do that, use parameters for example https://stackoverflow.com/questions/16167924/c-sharp-with-mysql-insert-parameters – Mark Schultheiss Jan 31 '18 at 22:14
Thanks; does the ajax and the rest of the PHP look correct to you? – Jan 31 '18 at 22:14
@MarkSchultheiss I warn O.P. of the dangers of non-prepared queries. Thanks. – Syscall Jan 31 '18 at 22:16
@IsaaK08 Please read the **important note** in the anwser. – Syscall Jan 31 '18 at 22:17
Another example for the OP https://stackoverflow.com/a/31149701/125981 – Mark Schultheiss Jan 31 '18 at 22:21
@Syscall, yes, just making it painfully obvious to the OP hence the comment/examples. – Mark Schultheiss Jan 31 '18 at 22:22
@IsaaK08 The rest of the PHP is wrong. `$_POST['id']` is not an array, so you shouldn't use a `foreach()` loop. – Barmar Jan 31 '18 at 22:22
@Barmar realized my mistakes. Thanks! – Jan 31 '18 at 22:24

PHP, MySQL and AJAX: Storing selected elements in a database

1 Answers1