1

Can anyone explain why this auto complete function was working on localhost but is now not working after uploading to server?

<tr><td>Part Name: </td><td><input type="text" name="PartNum" class="auto" id="pn" style="width:250px" required></td></tr>

                        <script type="text/javascript">
                            $(function() {
                                $(".auto").autocomplete({
                                    source: "autocomplete.php",
                                    minLength: 1
                                });
                            });
                        </script>

autocomplete.php

<?php


$conn = new mysqli($host, $username, $password, $db);

$searchTerm = "%{$_GET['term']}%";

$select = $conn->prepare("SELECT * FROM partindex WHERE PartNum LIKE ?");
$select->bind_param('s', $searchTerm);
$select->execute();
$result= $select->get_result();

while ($row = $result->fetch_assoc())
{
 $data[] = $row['PartNum'];
}
//return json data
echo json_encode($data);
?>

?>

Any help is appreciated. Thank you

egar
  • 51
  • 8
  • 3
    You are **highly vulnerable to SQL injection**. You should never trust the input of any external source into your server. SQL injection allows attackers direct access to your database and gives them the ability to cause **harm**. Look here for solutions: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – shn Jun 26 '19 at 17:11
  • 1
    because on localhost your have errors in your face ? like mysql auth for example. What do your logs tell you ? – YvesLeBorg Jun 26 '19 at 17:26
  • Call autocomplete.php with slash like /autocomplete.php and check. Or use complete path of ajax request file. – Shivendra Singh Jun 26 '19 at 17:38
  • The / didn't work and weirdly i'm not getting any errors back. – egar Jun 26 '19 at 17:50
  • I changed it to reflect a prepared statement – egar Jun 26 '19 at 18:10
  • Solved: my jquery script was http instead of https – egar Jun 26 '19 at 18:31

0 Answers0