Hello, I'm trying to insert/update a record in a table from a custom form in WordPress but it's not working. I have tried several blogs and tutorials but no luck. Here is what I have tried.

HTML form:

<?php 
global $wpdb;
$result = $wpdb->get_results( "SELECT * FROM trader_gm_vendor_methods WHERE id = $current_user" );
?>
<form method="post" id="vendors-payment-form" action="" class="dokan-form-horizontal" novalidate="novalidate">
    <fieldset class="payment-field-bank">
    <input type="hidden" name="action" value="vendor_payment_methods">
    <?php wp_nonce_field( 'vendor_payment_methods_action', 'vendor_payment_methods_name' ); ?>
        <div class="dokan-form-group">
            <div class="dokan-w10">
            <input name="id" value="<?php echo $current_user ?>" class="dokan-form-control"
                             type="number" id="id" required style="display:none">
                <div class="dokan-form-group">
                <label class="dokan-w6 dokan-control-label" for="jazzcash" style="margin-top: 13px;">Jazz Cash Number</label>
                    <div class="dokan-w6">
                        <input name="jazzcash" value="<?php echo $result[0]->jazzcash ?>" class="dokan-form-control"
                            placeholder="Jazz Cash Number" type="text" id="jazzcash" maxlength="11" required>
                    </div>
                </div>

                <div class="dokan-form-group">
                <label class="dokan-w6 dokan-control-label" for="easypaisa" style="margin-top: 13px;">EasyPaisa Number</label>
                    <div class="dokan-w6">
                        <input name="easypaisa" value="<?php echo $result[0]->easypaisa ?>" class="dokan-form-control"
                            placeholder="EasyPaisa Account Number" type="text" id="easypaisa" maxlength="11">
                    </div>
                </div>

                <div class="dokan-form-group">
                <label class="dokan-w6 dokan-control-label" for="ublomni" style="margin-top: 13px;">UBL Omni</label>
                    <div class="dokan-w6">
                        <input name="ublomni" value="<?php echo $result[0]->ublomni ?>" class="dokan-form-control"
                            placeholder="UBL Omni Number" type="text" id="ublomni" maxlength="45">
                    </div>
                </div>

                <div class="dokan-form-group">
                <label class="dokan-w6 dokan-control-label" for="bank1" style="margin-top: 13px;">Primary Bank</label>
                    <div class="dokan-w6">
                        <textarea name="bank1detail" rows="5" class="dokan-form-control"
                            placeholder="Detail of Your Primary Bank" id="bank1"><?php echo $result[0]->bank_1_detail ?></textarea>
                    </div>
                </div>
                <div class="dokan-form-group">
                <label class="dokan-w6 dokan-control-label" for="bank2" style="margin-top: 13px;">Secondry Bank</label>
                    <div class="dokan-w6">
                        <textarea name="bank2detail" rows="5" class="dokan-form-control"
                            placeholder="Detail of Your Secondry Bank" id="bank2"><?php echo $result[0]->bank_2_detail ?></textarea>
                    </div>
                </div>
                <div class="dokan-form-group">
                <label class="dokan-w6 dokan-control-label" for="instructions" style="margin-top: 13px;">Instructions</label>
                    <div class="dokan-w6">
                        <textarea name="instructions" rows="6" class="dokan-form-control"
                            placeholder="Instructions to send payment proof" id="instructions"><?php echo $result[0]->instructions ?></textarea>
                    </div>
                </div>
            </div> <!-- .dokan-w6 -->
        </div>
    </fieldset>
    <div class="dokan-form-group">
        <div class="dokan-w4 ajax_prev dokan-text-left" style="margin-left:24%;">
            <input type="submit" name="update_vendor_payment_settings" class="dokan-btn dokan-btn-danger dokan-btn-theme"
                value="Update Settings">
        </div>
    </div>
</form>

jQuery:

$( document ).on( 'ready', function() {
 
  $("#vendors-payment-form").on("submit", function(e){
      e.preventDefault();
       
      var $form = $(this);
       var data = $form.serialize();
       //data.append('action', 'vendor_payment_methods')
      $.post(dokan.ajaxurl, data, function(response) {
          alert(response);
      }, 'json');
       
  });
   
});

functions.php:

// Custom payment method started
add_action( 'wp_ajax_vendor_payment_methods', 'vendor_payment_methods' );
add_action( 'wp_ajax_nopriv_vendor_payment_methods', 'vendor_payment_methods' );
function current_user_id() {
    if ( ! function_exists( 'wp_get_current_user' ) ) {
        return 0;
    }
    $user = wp_get_current_user();
    return ( isset( $user->ID ) ? (int) $user->ID : 0 );
}

function vendor_payment_methods()
{
    global $wpdb;
    $uidd = current_user_id();
    $result = $wpdb->get_results( "SELECT * FROM trader_gm_vendor_methods WHERE id = $uidd" );
    $status = 0;
    $message = "Invalid Access";
    if((int)$_POST["id"]==current_user_id() && isset($_POST["jazzcash"]))
    { 
                $in_array = [];
                $in_array_format = [];
                $in_array["id"] = current_user_id();
                $in_array_format[] = "%s";
                $in_array["jazzcash"] = $_POST["jazzcash"];
                $in_array_format[] = "%s";
                $in_array["easypaisa"] = $_POST["easypaisa"];
                $in_array_format[] = "%s";
                $in_array["ublomni"] = $_POST["ublomni"];
                $in_array_format[] = "%s";
                $in_array["bank_1_detail"] = $_POST["bank1detail"];
                $in_array_format[] = "%s";   
                $in_array["bank_2_detail"] = $_POST["bank2detail"];
                $in_array_format[] = "%s"; 
                $in_array["instructions"] = $_POST["instructions"];
                $in_array_format[] = "%s";    
                 if(count($result)==1)
                 {
                    //update
                    unset($in_array[0]);
                    $rslt = $wpdb->update("trader_gm_vendor_methods", $in_array, current_user_id() );
                    echo json_encode("updated");
                    die();
                 }
                 else
                 {  
                    // insert
                    $rslt = $wpdb->insert("trader_gm_vendor_methods", $in_array);
                    echo json_encode(count($result));
                    die();
                 } 
    }
    else
    {
            $message = 'No nughty business please. Make sure to check required fields';
            echo json_encode($message,$status);
            die();
    }

}

No error, but the record is not being updated or inserted. Can someone point out where I made a mistake? It would be much appreciated. Thanks.

Mujtaba
  • I think your format of passing arguments to the array is not proper. Please print the array and other variables before passing them to the query. BTW: what was the use of $in_array_format? Also, your code is very unsecured; you have used the global vars, e.g. $_POST, directly. You should add filters/validations on the POST variables, and you can use prepared statements. – D Coder Nov 10 '21 at 18:42
  • Aside from inserting unsanitized user input into the database, your use of "update" is wrong. https://developer.wordpress.org/reference/classes/wpdb/update/ – Howard E Nov 10 '21 at 19:46
  • Sorry @DebasisRath, I'm not a PHP developer. In the database I have a column with type int and the others are text; do we need type casting as well? I have checked the array, and data is correctly added to the array. – Mujtaba Nov 10 '21 at 20:06
  • @HowardE, yes it seems like the query parameters are not in format, Mujtaba, you can first check your update statement with hard-code ( manually add field values ), but make sure it is in format as mentioned on the link, check everything is ok there, then check with real-data ( but check again the parameter(s) in format ) – D Coder Nov 11 '21 at 02:45
  • @DebasisRath I have checked, the data in the array is not in the correct format. When I pass the array, nothing happens, but with direct params, data inserts successfully. Can you share what is the correct way to create an array and pass it? Thanks – Mujtaba Nov 11 '21 at 06:40
  • ```$query_u="UPDATE ".$table_name." SET jazzcash='".$_POST["jazzcash"]."', easypaisa='".$_POST["easypaisa"]."', ublomni='".$_POST["ublomni"]."', bank_1_detail='".$_POST["bank1detail"]."', bank_2_detail='".$_POST["bank2detail"]."', instructions='".$_POST["instructions"]."' where id=".$uidd;``` ```$rslt = $wpdb->query($wpdb->prepare($query_u));``` That works, is this a better approach? – Mujtaba Nov 11 '21 at 06:41
  • You need some basic tutorials:- Update record on WordPress (with prepared statement):- https://wordpress.stackexchange.com/questions/31533/wpdb-prepare-and-mysql-update-how-is-it-done . Working with string + variable:- https://stackoverflow.com/questions/5605965/php-concatenate-or-directly-insert-variables-in-string https://www.droptica.com/blog/combining-string-literals-and-variables-php/ – D Coder Nov 11 '21 at 06:57
  • You should never concatenate $_POST, $_GET, $_REQUEST variables directly into the query string. Even if it works, your code will be vulnerable. – D Coder Nov 11 '21 at 06:59
  • Sorry, I'm new to php, what would be the best alternative for ```$_POST``` to use? Much appreciated. – Mujtaba Nov 11 '21 at 07:23
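
Pulling the comment thread together, here is one way to write the AJAX handler, as an added example that is not the asker's or any commenter's code: it verifies the form's nonce, takes the row ID from the logged-in session, sanitizes each field, and passes `$wpdb->update()` a WHERE array with format arrays so WordPress builds the prepared statement. The function name `my_save_vendor_payment_methods` is hypothetical; the table, column and field names are those in the question, and the `id` column is assumed to hold the WordPress user ID.

```php
<?php
// Added example, not code from the question. Hypothetical name: my_save_vendor_payment_methods.
// Assumes trader_gm_vendor_methods.id holds the WordPress user ID, as the question implies.
// No wp_ajax_nopriv_ hook: anonymous visitors have no row to edit.
add_action( 'wp_ajax_vendor_payment_methods', 'my_save_vendor_payment_methods' );

function my_save_vendor_payment_methods() {
    global $wpdb;
    $table = 'trader_gm_vendor_methods';
    // Check the nonce printed by wp_nonce_field() in the form; the request dies if it is invalid.
    check_ajax_referer( 'vendor_payment_methods_action', 'vendor_payment_methods_name' );

    // The row key comes from the session, never from the posted hidden "id" field.
    $uid = get_current_user_id();
    if ( 0 === $uid ) {
        wp_send_json_error( 'Not logged in', 403 );
    }

    // column => array( posted field name, sanitizer )
    $map = array(
        'jazzcash'      => array( 'jazzcash', 'sanitize_text_field' ),
        'easypaisa'     => array( 'easypaisa', 'sanitize_text_field' ),
        'ublomni'       => array( 'ublomni', 'sanitize_text_field' ),
        'bank_1_detail' => array( 'bank1detail', 'sanitize_textarea_field' ),
        'bank_2_detail' => array( 'bank2detail', 'sanitize_textarea_field' ),
        'instructions'  => array( 'instructions', 'sanitize_textarea_field' ),
    );
    $data = array();
    foreach ( $map as $column => list( $field, $sanitize ) ) {
        $raw             = isset( $_POST[ $field ] ) ? wp_unslash( $_POST[ $field ] ) : '';
        $data[ $column ] = $sanitize( $raw ); // Non-string input (arrays) becomes ''.
    }
    if ( '' === $data['jazzcash'] ) {
        wp_send_json_error( 'Jazz Cash number is required', 400 );
    }

    $exists = (int) $wpdb->get_var( $wpdb->prepare( "SELECT COUNT(*) FROM {$table} WHERE id = %d", $uid ) );
    if ( $exists ) {
        // $where is a column => value array; formats are given for the data and for the where clause.
        $ok = $wpdb->update( $table, $data, array( 'id' => $uid ), '%s', array( '%d' ) );
    } else {
        $ok = $wpdb->insert( $table, array( 'id' => $uid ) + $data, array( '%d', '%s', '%s', '%s', '%s', '%s', '%s' ) );
    }

    // false means a database error; update() returns 0 when the values were unchanged.
    if ( false === $ok ) {
        wp_send_json_error( 'Database error', 500 );
    }
    wp_send_json_success( $exists ? 'updated' : 'inserted' );
}
```

With this handler the jQuery callback receives an object such as `{success: true, data: "updated"}`, so `alert(response.data)` shows the message.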

0 Answers