PHP & amp; Inserting a blank MYSQL database
source link: https://www.codesd.com/item/php-inserting-a-blank-mysql-database.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
PHP & amp; Inserting a blank MYSQL database
OK so I am new to php,ajax and mysql and I have searched the forum trying everything but still nothing..I know it's some simple mistake but as it stands my code is entering blank info into the database through my forms but when I type the string directly in the query it appears in the database, please help me
PS I know it might not be the most secure code but that's not the issue at hand
function message(){
alert("You are about to compose a message");
var stuff=[
'<div id ="compose_window">',
'<div id="new_message">',
'<div id="header"><strong> New Message </strong></div>',
'</div>',
'<form action="" method= "post">',
'<fieldset>',
'<strong>To</strong><br> <input type="text" id ="recipient" name="recipient" class="textfield"> <br>',
'<strong>Subject</strong><br> <input type="text" id="subject" name="subject" class="textfield"> <br><br>',
'<strong>Message</strong><br> <textarea id = "content" name="content" cols="40" rows="5"></textarea> <br>',
'<button id="send" type="button" onclick= loadXMLDoc()> <strong> Send </strong> </button>',
'</fieldset>',
'</form>',
'</div>',
'<div id="Response"></div>',
].join('');
document.getElementById("area").innerHTML= stuff;
}
function loadXMLDoc()
{
var xmlhttp;
if (window.XMLHttpRequest)
{// code for IE7+, Firefox, Chrome, Opera, Safari
xmlhttp=new XMLHttpRequest();
}
xmlhttp.onreadystatechange=function()
{
if (xmlhttp.readyState==4 && xmlhttp.status==200)
{
document.getElementById("ajaxResponse").innerHTML=xmlhttp.responseText;
}
}
xmlhttp.open("GET","send.php",true);
xmlhttp.send();
}
and this is the php for the insertion
<?php
$con=mysqli_connect("127.9.52.129","boballen","","cheapomail");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO messages (subject, recipient_ids, body)
VALUES
('$_POST[subject]','$_POST[recipient]','$_POST[content]')";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "Message Sent 1 record added";
mysqli_close($con);
?>
Your code is vulnerable to SQL injection, please use prepared statements or escape the variables before using them in the query. The reason, why you get empty row when inserting, is this:
you are using $_POST array in your query, while sending the data through GET request in Ajax:
xmlhttp.open("GET","send.php",true);
use $_GET instead of $_POST:
$sql = "INSERT INTO messages (subject, recipient_ids, body)
VALUES (?,?,?)";
if ($stmt = $mysqli->prepare($sql)) {
/* bind parameters for markers */
$stmt->bind_param("sss", $_GET['subject'],$_GET['recipient'],
$_GET['content']);
/* execute query */
$stmt->execute();
}
You are also not sending GET parameters in Ajax request. Try adding them, using something like this:
subject = encodeURIComponent(document.getElementById("subject").value);
recipient = encodeURIComponent(document.getElementById("recipient").value);
content = encodeURIComponent(document.getElementById("content").value);
xmlhttp.open("GET","send.php?subject=" + subject + "&recipient="
+ recipient + "&content=" + content,true);
Where you get subject, recipient and content variables from the appropriate inputs on your page.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK