
I have 2 dynamic dependent select boxes, one with Client Name and the other with Invoice Date, with a button to fetch data according to the client name and date respectively and populate the form fields below. This whole process was completed and was working, but because the date is not being fetched the whole process stops. Now the client is up to my arse and I don't know what to do. I am not very good with PHP or JS. If you guys can help me with this and try to explain it in an easier way, I will be in your debt. TIA.

It was working fine, but suddenly it's fetching the client name but not the dates, and I don't know why. The program was working fine for almost 5-6 months, but a few days ago this error occurred out of nowhere without any changes.

I tried creating a new database, thinking maybe that was the error, but it didn't work.

I also restored the code file from the backup, but still no luck.

//data.php

<?php

    require '../db_connection.php';
    header("Access-Control-Allow-Origin: *");

    $action = $_GET['action'];
    if($action=="getclientRecords"){

        getclientRecords($con);
    }

    function getclientRecords($con){

      $id = $_POST['client_id'];
       $sql="SELECT `invoice_data`.`item_date` FROM `invoice_data` WHERE `invoice_data`.`client_id`=$id";
       $result = mysqli_query($con, $sql);
       $results = mysqli_fetch_all($result);
       return json_encode($results);

    }

    $date = $_GET['action'];
    if($date=="getclientRecordByDate"){

    getclientRecordByDate($con);

    }
    function getclientRecordByDate($con){

         $client_date = $_POST["date"];
         $client_id = $_POST["client_id"];
         $sql = "SELECT client_name, `item_date`, item_refe, item_parti, balance_amount, item_amnd, item_amnf, item_tax, item_amniw, item_amnif FROM `invoice_data` WHERE `item_date` = '$client_date' AND client_id = '$client_id'";
         $result = mysqli_query($con, $sql);
         $results = mysqli_fetch_array($result);
         echo json_encode($results);
    }

?>

Result. I.E.

Client name = YAP KHIN CHOY
Date: 2 June, 2019, 3 June, 2019, 5 June, 2019

Pressing Fetch Button:
Populate the form below with the relevant data.

Screenshot Frontend

Error in console

error_log file

Professor Abronsius
Hasnnnaiin
  • Hi, the best way to start debugging is to activate error logs and display them. They will then be part of the result, so you will get invalid JSON, but you can at least see in the response what is going wrong: [here you can find an example](https://stackoverflow.com/a/21429652/2385117). After you fix the 500 error you will need to echo the result of your functions, i.e. `echo getclientRecords($con);`, otherwise it will not be returned to the requester. Hope this helps! – mzijdemans Aug 05 '19 at 07:48
  • It's confusing: one method has `return`, the other has `echo`. Maybe you meant `getclientRecords` to return as `echo json_encode($results);`. Stay consistent: either you use return inside the function or echo it immediately, just choose one – Kevin Aug 05 '19 at 07:48
  • Not related to your specific problem but your code is vulnerable to SQL injection so if you are under pressure now from the client just think what would happen if the system was compromised? – Professor Abronsius Aug 05 '19 at 08:07
  • any chance you can add the ajax code too? – Professor Abronsius Aug 05 '19 at 10:49

1 Answer


In an attempt to solve both the SQL vulnerability and the lack of data being returned (the data was not echoed back to the ajax function), perhaps the following might help:

<?php

    require '../db_connection.php';

    /* Return the invoice dates for the posted client_id as JSON, or false if input is missing */
    function getclientRecords( $con=false ){
        $id = isset( $_POST['client_id'] ) ? $_POST['client_id'] : false;
        if( $con && $id ){
            /* The placeholder keeps user input out of the SQL text */
            $sql='select `item_date` 
                    from `invoice_data` 
                    where `client_id`=?';

            $stmt=$con->prepare( $sql );
            $stmt->bind_param( 's', $id );
            $stmt->execute();
            $result=$stmt->get_result();
            $data=[];
            while( $rs=$result->fetch_object() ){
                $data[]=$rs->item_date;
            }
            $stmt->free_result();
            $stmt->close();
            return json_encode( $data );
        }
        return false;
    }

    /* Return the invoice rows for the posted client_id and date as JSON, or false if input is missing */
    function getclientRecordByDate( $con=false ){
        $date = isset( $_POST['date'] ) ? $_POST['date'] : false;
        $id = isset( $_POST['client_id'] ) ? $_POST['client_id'] : false;

        if( $con && $id && $date ){

            $sql = 'select `client_name`, `item_date`, `item_refe`, `item_parti`, `balance_amount`, `item_amnd`, `item_amnf`, `item_tax`, `item_amniw`, `item_amnif`
                from `invoice_data` 
                where `item_date` = ? and client_id = ?';           

            $stmt=$con->prepare( $sql );
            $stmt->bind_param( 'ss', $date, $id );
            $stmt->execute();
            $result=$stmt->get_result();
            $data=[];
            while( $rs=$result->fetch_object() ){
                $data[]=array(
                    'client_name'       =>  $rs->client_name,
                    'item_date'         =>  $rs->item_date,
                    'item_refe'         =>  $rs->item_refe,
                    'item_parti'        =>  $rs->item_parti,
                    'balance_amount'    =>  $rs->balance_amount,
                    'item_amnd'         =>  $rs->item_amnd,
                    'item_amnf'         =>  $rs->item_amnf,
                    'item_tax'          =>  $rs->item_tax,
                    'item_amniw'        =>  $rs->item_amniw,
                    'item_amnif'        =>  $rs->item_amnif
                );
            }

            $stmt->free_result();
            $stmt->close();
            return json_encode( $data );
        }
        return false;
    }


    /* Dispatch on ?action=... ; every branch must leave a JSON string in $data */
    $status = 200;
    $action = isset( $_GET['action'] ) ? $_GET['action'] : false;

    switch( $action ){
        case 'getclientRecords':
            $data=getclientRecords($con);
        break;
        case 'getclientRecordByDate':
            $data=getclientRecordByDate($con);
        break;
        default:
            $data=json_encode( ['error'=>'no defined action'] );
            $status=400;
        break;
    }

    /* The functions return false when client_id or date is missing; exit() needs a string, not false or an array */
    if( $data===false ){
        $data=json_encode( ['error'=>'missing parameters'] );
        $status=400;
    }

    /* Any origin may read this response; restrict this to the front-end's origin if the data is not public */
    header('Access-Control-Allow-Origin: *');
    header('Content-Type: application/json');
    http_response_code( $status );
    exit( $data );
?>
Professor Abronsius
  • Thanks a lot for such help, this will solve the security issues, but my issue still persists. Can you help me with that too? :/ – Hasnnnaiin Aug 05 '19 at 08:40
  • I realised I had made a mistake with the original functions so modified these to how they now appear. I tested them briefly and they seemed to work OK – Professor Abronsius Aug 05 '19 at 11:13
  • Btw I have a small question to ask. Can I ask here or do I need to create another question? – Hasnnnaiin Aug 06 '19 at 06:49
  • See, I have a datatable and I am displaying data in it, but it only shows data when I click on the (table head), i.e. when I click Firstname from the column then it shows the data, and when I refresh the page the data isn't visible – Hasnnnaiin Aug 06 '19 at 06:53
  • that, to me , sounds like it should be a new question – Professor Abronsius Aug 06 '19 at 06:53
  • [Link](https://stackoverflow.com/questions/57370685/data-only-shows-in-datatable-when-i-click-on-column-name-th-tablehead-otherw) @RamRaider – Hasnnnaiin Aug 06 '19 at 07:11
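
The prepared-statement approach from the answer, extended with typed input validation and JSON error responses so that a bad request no longer surfaces as a blank 500. This is an added example, not code from the question or the answer: PDO with an in-memory SQLite table and constructed rows stands in for mysqli/MySQL so it runs offline, and the names `demoDb`, `validDate`, `recordsByDate` and the `Y-m-d` date format are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for invoice_data (in-memory SQLite instead of the page's MySQL).
function demoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw instead of returning false
    $db->exec('CREATE TABLE invoice_data (client_id INTEGER, client_name TEXT, item_date TEXT, balance_amount REAL)');
    $ins = $db->prepare('INSERT INTO invoice_data VALUES (?, ?, ?, ?)');
    foreach ([[1, 'YAP KHIN CHOY', '2019-06-02', 120.0], [1, 'YAP KHIN CHOY', '2019-06-03', 80.5],
              [2, 'OTHER CLIENT', '2019-06-02', 999.0]] as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Hypothetical helper: accept only a real calendar date in Y-m-d form (assumed storage format).
function validDate($raw): ?string {
    if (!is_string($raw)) return null;
    $d = DateTime::createFromFormat('!Y-m-d', $raw);
    return ($d && $d->format('Y-m-d') === $raw) ? $raw : null; // round-trip rejects overflowed dates
}

// Returns [HTTP status, JSON body]; $post is an array shaped like $_POST.
function recordsByDate(PDO $db, array $post): array {
    $id   = filter_var($post['client_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $date = validDate($post['date'] ?? null);
    if ($id === false || $date === null) {
        return [400, json_encode(['error' => 'invalid client_id or date'])];
    }
    try {
        $stmt = $db->prepare('SELECT client_name, item_date, balance_amount FROM invoice_data WHERE item_date = ? AND client_id = ?');
        $stmt->execute([$date, $id]); // values are bound as data, never spliced into the SQL text
        return [200, json_encode($stmt->fetchAll(PDO::FETCH_ASSOC))];
    } catch (PDOException $e) {
        error_log($e->getMessage()); // detail goes to the server log, not to the client
        return [500, json_encode(['error' => 'query failed'])];
    }
}

// Constructed requests: one well-formed, one with an empty id, one with an impossible date.
$db = demoDb();
foreach ([['client_id' => '1', 'date' => '2019-06-02'],
          ['client_id' => '',  'date' => '2019-06-02'],
          ['client_id' => '1', 'date' => '2019-02-30']] as $post) {
    [$status, $body] = recordsByDate($db, $post);
    echo $status, ' ', $body, PHP_EOL;
}
```

With the question's concatenated query, the empty `client_id` in the second request would produce the invalid statement `... WHERE client_id=`; here it is rejected with a 400 before any SQL runs.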