2

so I have a JavaScript function which calls to a PHP file using an asyncronous method. This is my code

JavaScript

var xmlHttp = new XMLHttpRequest();
xmlHttp.onreadystatechange = function() { 
    if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
        callback (xmlHttp.responseText);
}
xmlHttp.open("GET", "http://127.0.0.1/formulario/insertReporte.php?"+'nombreAlumno='+nombreAlumno+'&noCta='+noCta+'&semestre='+semestre, true);
xmlHttp.send(null);

And here is my PHP File

<?php

$servername = "myServerName";
$username = "myUserName";
$password = "myPassWord";
$dbname = "myDb";

$nombreAlumno = $_GET['nombreAlumno'];
$noCta = intval($_GET['noCta']);
$semestre = intval($_GET['semestre']);

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$sql = "INSERT INTO infoalumno (nombreAlumno,noCta,noSemestre)
VALUES ($nombreAlumno,$noCta,$semestre)";

if ($conn->query($sql) === TRUE) {
    $last_id = $conn->insert_id;
    echo $last_id;
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

My issue comes on this line $nombreAlumno = $_GET['nombreAlumno']; as I get this error

enter image description here

On my database my nombreAlumno field is declared as a varchar.

I know my connection works because if I change that line into $nombreAlumno = intval($_GET['nombreAlumno']); it inserts 0 into my database.

Any ideas what am I doing wrong?

Improve this question
1
  • omar is a string put it into 'omar' (single quot) Commented Oct 19, 2015 at 5:44

2 Answers 2

Reset to default
3

You need to add quotes around your values. Also use mysqli_real_escape_string before insert into database to prevent sql injection

$nombreAlumno=mysqli_real_escape_string($conn, $nombreAlumno);
$noCta=mysqli_real_escape_string($conn, $noCta);
$semestre=mysqli_real_escape_string($conn, $semestre);

$sql = "INSERT INTO infoalumno (nombreAlumno,noCta,noSemestre)
VALUES ('".$nombreAlumno."','".$noCta."','".$semestre."')";
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Do I add real_escape_string even if my variables $noCta and $semestre are ints?
yes why not!! always use mysqli_real_escape_string before insert into datanase
So, I did that and now its not inserting anything into the database nor throwing any errors.
echo $sql = "INSERT INTO infoalumno (nombreAlumno,noCta,noSemestre) VALUES ('".$nombreAlumno."','".$noCta."','".$semestre."')"; and check your query
Seems it was just my server being weird, restarted it and it works now, thank you very much! Edit: Just got 15 reputation so I'm definitely upvoting. :)
0

Try this

<?php

$servername = "myServerName";
$username = "myUserName";
$password = "myPassWord";
$dbname = "myDb";

$nombreAlumno = $_GET['nombreAlumno'];
$noCta = intval($_GET['noCta']);
$semestre = intval($_GET['semestre']);

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$sql = "INSERT INTO infoalumno (nombreAlumno,noCta,noSemestre)
VALUES ('".$nombreAlumno."','".$noCta."','".$semestre."')";

if ($conn->query($sql) === TRUE) {
    $last_id = $conn->insert_id;
    echo $last_id;
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.