2

I have tried answers from various questions here and also from examples on Google; however, none seem to be working. Not sure what I am doing wrong.

I have the following code

<form>
<input type="text" id="regoffice_1" value="<?php echo $result['regoffice_1'];?>">
<input type="hidden" name="companyid" value="1">
</form>
<script>
$("#regoffice_1").on("change", function() {
  var itemVal = $("#regoffice_1").val();
  var dataObj = {companyid: $("#companyid").val(), regoffice_1: $("#regoffice_1").val()};

  processChange(dataObj);
});

function processChange(dataObj){

  $.ajax({
    type: "POST",
    url: "inc/dataforms/test.php",
    data: dataObj,
    dataType: "text", // If you expect a json as a response
    complete: function(data) {
      var Resp = data.responseText;
      console.log(Resp);
    }
  });
};
</script>

In the PHP file just a simple query

<?php
include('../config.php');
mysqli_query($dbc,"UPDATE `comp_companies`  SET `regoffice_1` = '$_POST[regoffice_1]' WHERE `company_id` = '$_POST[companyid]'");
?>

Nice and simple... however, I'm getting no errors shown or anything shown in the console, and no data is being updated.

What am I missing?

Zakaria Acharki
Chris Yates
  • 1
    I'm no PHP expert, but it looks like you need to concatenate the `$_POST` values into the SQL string. You also need to quote the property names, e.g. `$_POST['regoffice_1']`. You should also *really* look into using prepared statements as your code is completely insecure; it's just asking for a SQL injection attack – Rory McCrossan Jul 25 '18 at 08:50
  • [Bobby table is real](https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work). Look for [how to sanitize your inputs](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Zyigh Jul 25 '18 at 08:52

2 Answers

3

You must add an id to your input:

<input id="companyid" type="hidden" name="companyid" value="1">
_______^^^^^^^^^^^^^^

Since you're selecting by id in:

{companyid: $("#companyid").val(), regoffice_1: $("#regoffice_1").val()};
_____________^^^^^^^^^^^^^^

Otherwise you could use a name selector instead, like:

{companyid:  $('input[name="companyid"]').val(), regoffice_1: $("#regoffice_1").val()};

NOTE: You need to add quotes to your $_POST[]:

mysqli_query($dbc,"UPDATE comp_companies  SET regoffice_1 = '".$_POST["regoffice_1"]."' WHERE company_id = '".$_POST["companyid"]."'");
Zakaria Acharki
0

Following @Zakaria's answer, you are also using

...'$_POST[regoffice_1]' and '$_POST[companyid]' 

in your UPDATE. You missed the quotes on $_POST['key'], as it's an associative array.

"UPDATE `comp_companies`  SET `regoffice_1` = '" . $_POST['regoffice_1'] . "' WHERE `company_id` = '" . $_POST['companyid'] . "'"
MathRak
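
The comments under the question recommend prepared statements. As an added example (not code from the question or from either answer), this is `inc/dataforms/test.php` written with a mysqli prepared statement and with error reporting turned on, so a failed query no longer passes silently. It assumes `../config.php` sets `$dbc` to a mysqli connection as in the question, that `company_id` is an integer column, and a 255-byte limit on `regoffice_1`.

```php
<?php
// Added example: inc/dataforms/test.php using a prepared statement.
// Assumptions: ../config.php sets $dbc (mysqli), company_id is an integer
// column, and regoffice_1 holds at most 255 bytes.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB failures throw

header('Content-Type: text/plain; charset=utf-8');

// Reject a missing or non-integer companyid instead of running an UPDATE
// that silently matches no row.
$companyId = filter_input(INPUT_POST, 'companyid', FILTER_VALIDATE_INT);
$regOffice = filter_input(INPUT_POST, 'regoffice_1', FILTER_UNSAFE_RAW);

if ($companyId === null || $companyId === false || $regOffice === null) {
    http_response_code(400);
    exit('error: companyid (integer) and regoffice_1 are required');
}
$regOffice = trim($regOffice);
if ($regOffice === '' || strlen($regOffice) > 255) {
    http_response_code(400);
    exit('error: regoffice_1 must be 1 to 255 bytes');
}

// companyid arrives from a hidden form field, so it is client-controlled.
// Checking that the current session may edit that company is outside this example.

try {
    include('../config.php');

    // The ? placeholders keep the values out of the SQL text, so a quote
    // character in regoffice_1 is stored as data and cannot alter the statement.
    $stmt = $dbc->prepare(
        'UPDATE `comp_companies` SET `regoffice_1` = ? WHERE `company_id` = ?'
    );
    $stmt->bind_param('si', $regOffice, $companyId);
    $stmt->execute();

    // 0 rows changed: no such company, or the value was already stored.
    echo 'ok: rows changed = ' . $stmt->affected_rows;
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    error_log('regoffice_1 update failed: ' . $e->getMessage()); // detail stays server-side
    http_response_code(500);
    echo 'error: update failed';
}
```

The response text is what the question's `complete` callback writes to the console, so a rejected request or a zero-row update becomes visible there.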