I have created a chatbot using rivescript and javascript. I want to save the user's messages and chatbot responses to a database. In html code I have made this form for the messages:

    <div id="dialogue"></div>
    <form onSubmit="return chatbot.sendMessage()">
      <div class="text-box">
         <input type="text" name="message" id="message" autocomplete="off"  placeholder="Please wait... loading...">
        <input class="send-button" type="submit" value=" "  id="butsend">
      </div>
    </form>
  </div>

I used a php file named connect.php to connect with the db. I modified the command `<form onSubmit="return chatbot.sendMessage()">` to `<form onSubmit="return chatbot.sendMessage()" method="POST" action="connect.php">`, resulting in the user's first message being entered in the database and then a new blank page appearing instead of the dialog. Is there any way to continue the dialogue and at the same time store the data in the database when the send button is pressed?

  • you would need to use AJAX to submit the data, instead of posting back the entire page – ADyson May 05 '20 at 11:14
  • Could you give me an example of how to do that? I am totally new to HTML and I also tried using AJAX without getting any result. – Giota Panagiota May 05 '20 at 11:20
  • Please show what you tried and what the outcome was. There are lots of Ajax tutorials online... we probably don't need to repeat them here. Show us your current code and some debugging info and maybe we can fix your specific issue – ADyson May 05 '20 at 12:50
  • I solved it using ajax. Thank you for your help. My problem now is that not all values are imported into the database. @ADyson do you know what I could do to fix it? I have written the code I used in the answer below. – Giota Panagiota May 11 '20 at 14:58

1 Answer

I have solved the problem using this function:

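    // Send one user message and the bot's reply to save.php without reloading the page.
    function writetoDB(inputmessage, outputmessage) {
        $.ajax({
            url: "save.php",
            type: "POST",
            data: {
                user: inputmessage,     // what the user typed
                botreply: outputmessage // what the chatbot answered
            },
            cache: false,
            success: function(dataResult) {
                // The JSON status returned by save.php is not inspected here.
            }
        });
    }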

that calls the php file:

    <?php
        include 'database.php';
        $user = $_POST['user'];
        $botreply = $_POST['botreply'];

        // The POST values are interpolated directly into the SQL string.
        $sql = "INSERT INTO `dialogs`( `user`, `bot`) 
        VALUES ('$user','$botreply')";
        if (mysqli_query($conn, $sql)) {
            echo json_encode(array("statusCode"=>200));
        }
        else {
            echo json_encode(array("statusCode"=>201));
        }
        mysqli_close($conn);
    ?>

My problem now is that not all values are imported into the database. For example, if there are 20 messages, only 10 are written to the db.

  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. https://phpdelusions.net/mysqli also contains good examples of writing safe SQL – ADyson May 11 '20 at 15:03
  • Anyway...does each INSERT insert one single message? If so, then it is not possible to see, from this code, why only 10 messages succeed. Either the message is not being sent from the browser, or perhaps the SQL query is sometimes failing. You need to do some basic debugging to see which one of these situations is happening. – ADyson May 11 '20 at 15:05
  • You can check for SQL errors quite easily - first enable PHP error logging, if you haven't already (see https://stackify.com/php-error-logs-guide/) and then enable mysqli error reporting (see https://stackoverflow.com/a/14578644/5947043). Then re-run the code and check the log file. – ADyson May 11 '20 at 15:05
  • If I had to guess I'd say maybe unexpected syntax errors are happening in the SQL because you aren't parameterising the queries properly - as well as being vulnerable to injection attacks, it's also vulnerable to generating invalid SQL statements. – ADyson May 11 '20 at 15:08
  • e.g. your code would fail if someone includes a `'` character in their reply because you'd end up with SQL something like ``INSERT INTO `dialogs`( `user`, `bot`) VALUES ('adyson','I don't know what to say')``. Clearly in that example the `'` in `don't` would be treated as the end of the second value string, and everything after it would appear to be invalid nonsense as far as SQL is concerned. Parameterising your query will mean that the SQL engine takes care of ensuring that characters like `'` are treated as part of the value and not part of the query syntax. – ADyson May 11 '20 at 15:09
  • I think that I solved it!! Thank you very much for your help! Your comments and the links you sent me were very useful and helped me understand what the problem was and how to fix it. – Giota Panagiota May 12 '20 at 13:07
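
The parameterised query recommended in the comments above, written out for this `save.php` as an added example (it is not code from the original post). It assumes, as on the page, that `database.php` defines `$conn` as a mysqli connection and that the `dialogs` table has `user` and `bot` columns; the HTTP 400 and 500 responses are additions of this example.

```php
<?php
// Added example: save.php using a prepared statement instead of string interpolation.
// Assumption: database.php defines $conn as a mysqli connection (as in the post).

// Make mysqli throw exceptions so a failed INSERT is never silent.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

header('Content-Type: application/json');

// Reject requests that do not carry both fields as strings.
$user     = $_POST['user']     ?? null;
$botreply = $_POST['botreply'] ?? null;
if (!is_string($user) || !is_string($botreply)) {
    http_response_code(400);
    echo json_encode(array("statusCode" => 400));
    exit;
}

try {
    include 'database.php';

    // Placeholders keep the values out of the SQL text, so a reply such as
    // "I don't know what to say" is stored as data and cannot end the string early.
    $stmt = $conn->prepare("INSERT INTO `dialogs` (`user`, `bot`) VALUES (?, ?)");
    $stmt->bind_param("ss", $user, $botreply);
    $stmt->execute();
    $stmt->close();

    echo json_encode(array("statusCode" => 200));
} catch (mysqli_sql_exception $e) {
    // Keep the detail in the server log; do not return SQL errors to the browser.
    error_log("save.php insert failed: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(array("statusCode" => 201));
} finally {
    if (isset($conn) && $conn instanceof mysqli) {
        $conn->close();
    }
}
```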