1

I'm trying to send a string from my JS file to my PHP file with an AJAX POST call and then insert that string into my Wordpress database.

I am able to send the string however I get this error message:

Notice: Undefined index: data in C:\Bitnami\wordpress-5.0.3-2\apps\wordpress\htdocs\wp-content\plugins\Kalkylator\templates\create.php on line 81

line 81 is: $data = $_POST['data'];

JS FILE 

$(document).ready(function() {
  var testingString = "hello people";
  $.ajax({
    url: "admin.php?page=jvformbuilder_create",
    method: "POST",
    data: { 'data': testingString }, 
    success: function(result) {
      console.log("result: " + result);
    },
    error: function(error) {
      console.log("error: " + error);
    }
  });
});

PHP FILE

$data = $_POST['data'];   
echo $data; 
insertToDB($data);    

function insertToDB($data)
{
  $db = new mysqli('localhost', 'root', 'password', 'bitnami_wordpress');

  if ($db->connect_errno > 0)
  { 
    die('Unable to connect to database [' . $db->connect_error . ']');
  }

  // Attempt insert query to database.
  $testing = "INSERT INTO wp_test (value) VALUES ('$data')";

  mysqli_close($db);
}

Here is the file structure

Here is the file structure

I am currently working on my happypath hence why I don't validate the input to the database.

All help and tips are welcome, thanks in advance :D

Edit: I managed to solve the problem, it was like alot of people suggested that the data was being redirected in admin.php. so I just moved my php function there and now it works (atleast for my happypath). Thanks alot to all who took their time to help :D

Drohano
  • 47
  • 1
  • 6
  • 2
    Which is line 81? What does the echo $data outputs? – pr1nc3 Mar 20 '19 at 14:50
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php). [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Mar 20 '19 at 14:55
  • @pr1nc3 Line 81 is $data = $_POST['data']; – Drohano Mar 20 '19 at 14:59
  • Can you tell us which file is the one you are showing us? The file you are sending the post and the one that throws the error are not the same. – Elanochecer Mar 20 '19 at 15:05
  • @Elanochecer there we go. I am doing the ajax call from my JS file, and the error is thrown by the php file – Drohano Mar 20 '19 at 15:08
  • @Drohano I'd `var_dump()` out `$_POST` so that you can see what's being sent. – Daniel G Mar 20 '19 at 15:11
  • @DanielG when I do `var_dump($_POST)` I get `array(0) { }`. Does that mean nothing is being sent or that it's trying to send an array instead of a string? – Drohano Mar 20 '19 at 15:15
  • @Drohano That means the AJAX isn't posting to the correct URL. You should see what the response is in the network tab of your browser's developer tools. – Daniel G Mar 20 '19 at 15:18
  • 1
    @Drohano, the url you are pointing to is not the one that throws the error. admin.php vs create.php. – Elanochecer Mar 20 '19 at 15:19
  • @DanielG i'm a bit of noob when it comes to the network tab, what kind of response am I looking for? – Drohano Mar 20 '19 at 15:25
  • @Drohano Not sure what browser you're using, but for any Chromium browser here's how to access the tab: https://developers.google.com/web/tools/chrome-devtools/network/ and for Firefox https://developer.mozilla.org/en-US/docs/Tools/Network_Monitor. The network tab will give you the response of files and scripts being loaded. It will show the response of the AJAX in the console. If you `var_dump()` on a page and request it via AJAX, it will show as the response. – Daniel G Mar 20 '19 at 15:28
  • @DanielG okay, I'm a tiny bit lost, I am in the network tab I can the loaded scripts but i'm still unsure about what I'm looking for. – Drohano Mar 20 '19 at 15:41
  • @Elanochecer could you explain a bit more. is it the admin.php that throws the error? – Drohano Mar 20 '19 at 15:42
  • @Drohano, if you read the error is thrown by create.php not admin.php. admin.php is the file you are sending the request to. Then we need to know what happens between that, when and how the request move from admin.php to create.php. – Elanochecer Mar 20 '19 at 15:45
  • @Elanochecer this might have been me being unclear but i'm trying to send it to create.php. since this is for a plugin to wordpress (which i missed to mention sry about that) the path to create.php if I'm not mistaken is `admin.php?page=jvformbuilder_create` – Drohano Mar 20 '19 at 15:51
  • @Elanochecer I have updated the post with a pic of the file structure, because The URL to admin.php is `admin.php?page=jvformbuilder` – Drohano Mar 20 '19 at 16:14
  • Maybe but, that's why somewhere, maybe at admin.php, the code is being redirected. And that can be the key to fix this. Follow the stack trace and see if you have access to the post data there, also try to send it with get to see if its just post whats lost. I can't help you more without knowing more. Hope this helps. – Elanochecer Mar 21 '19 at 07:28
  • @Elanochecer will check that out. Thanks alot for all the help :D chers – Drohano Mar 21 '19 at 07:57
  • @Elanochecer I took deeper look in the result i get from success and it returns the entire create.php file, furthermore at the `var_dump($data)` line I get `array(1) { ["data"]=> string(12) "hello people" ` so I can see the it in the result but not on the page itself, any ideas why this might be happening. – Drohano Mar 21 '19 at 08:31
  • @Drohano where is that var_dump() ? – Elanochecer Mar 21 '19 at 09:06
  • @Elanochecer o right forgot edit the code but instead of `$data = $_POST['data']; echo $data; insertToDB($data);` I now have `var_dump($data); $data = $_POST['data']; echo $data;` I think the problem might be that I try to display the `$data` before i send it. – Drohano Mar 21 '19 at 09:29
  • Remove quotes from `'data'` – Azael Mar 21 '19 at 14:39
  • @Drohano if is the same php then your guess might be right. Anyways if your var_dump have that then you dont need to access post to get that anymore. – Elanochecer Mar 21 '19 at 15:05
  • @Elanochecer i managed to make it work, if you look at my edit I explained a bit how I did it. Thanks alot for all your help my man:D chers – Drohano Mar 21 '19 at 15:10
  • @Drohano, You are welcome, I'm glad I was able to help you :) – Elanochecer Mar 21 '19 at 15:13

1 Answers1

1

You need to pass $data to the insertToDB() function. You currently reference it like this:

$data = $_POST['data'];   
echo $data; 
insertToDB ();

You need to do this:

$data = $_POST['data'];   
echo $data; 
insertToDB ($data);
Daniel G
  • 539
  • 4
  • 10
  • That's an error, not the error, that would produce too few arguments exception. The error he is asking about happens before. – Elanochecer Mar 20 '19 at 14:56