0

I have done a lot of research on Google and StackOverflow but I can't solve this problem (that's why this question is no duplicate): I have a js function, which is called on click (working). With this function I'm trying to call a PHP script to execute... But it doesn't react... Please tell me what's wrong (complete solution would be appreciated...)

PHP code:

<?php
$servername = "bot-sam.lima-db.de:3306";
$username = "USER379138";
$password = "pwd";
$dbname = "db_379138_1";

$q = $_POST['q'];
$a = $_POST['a'];

function alert($msg) {
    echo "<script type='text/javascript'>alert('$msg');</script>";
}

echo $q . $a;
// echo and alert are not opening so i think the php script isn't executing
alert("question is " . $q);
alert("answer is " . $a);

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

$sql = "INSERT INTO knowledge_base ('question', 'answer')
VALUES ($q, $a)";

if (mysqli_query($conn, $sql)) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
?>

JavaScript function (which gets called properly; jQuery working):

function myfunc() {
    var question = "test1";
    var answer = "test2";
    $.ajax({
        url: 'phpscript.php',
        type: 'POST',
        data: {q: question, a: answer},
        dataType: 'json',
        sucess: console.log("SQL entry made")
    });
}

I'm sorry to ask such a simple question but I just can't solve the problem...

fipsi
  • 81
  • 1
  • 7
  • 1
    dataType: 'json' ? You want to get json from php script, but php echoes html! – Eugen Feb 15 '18 at 17:53
  • Is that the correct URL? The browser will assume that script is in the same folder as the page you're on (unless you have a tag). Also, your success function looks suspicious. I believe you need to specify something like function() { ... }. – kmoser Feb 15 '18 at 17:53
  • Your code contains an [SQL injection vulnerability](http://en.wikipedia.org/wiki/SQL_injection) -- you are passing raw, unfiltered, unvalidated user input directly into an SQL string. SQL injection is [very easy to fix](http://stackoverflow.com/q/60174/168868). – gattsbr Feb 15 '18 at 17:53
  • Also it _seems_ like you may have given us the actual credentials and info needed to login to your DB - you may want to change that – General_Twyckenham Feb 15 '18 at 17:55
  • you don't have my pwd... i just want to fix this error now. security comes after that – fipsi Feb 15 '18 at 18:00
  • 1
    if both/either question or answer are strings the sql needs for those values to be quoted. As @gattsbr points out - this is vulnerable to sql injection. The alert statements will not do the `alert` as you are calling the php script with ajax... – Professor Abronsius Feb 15 '18 at 18:12
  • but my sql table is empty as well.... – fipsi Feb 15 '18 at 18:15
  • i changed the `dataType` to `text` ... Now the sucess function gets called but the SQL database is empty... – fipsi Feb 15 '18 at 18:20
  • Can you post where the script file is relative to your file containing the JavaScript function. It would also be helpful if you could look at the inspector tools network tab and report what you are seeing. Also, try commenting out the entire file and just doing an echo hello world to test if connection is working. – Kevin Pimentel Feb 15 '18 at 19:49

1 Answers1

1

Try to use the below code

function myfunc() {
    var question = "test1";
    var answer = "test2";
    $.ajax({
        url: 'phpscript.php',
        type: 'POST',
        data: {q: question, a: answer},
        dataType: 'json',
        success: function(result) {
         console.log(result);
       }
    });
}
Sathishkumar Rakkiyasamy
  • 3,509
  • 2
  • 30
  • 34