2

I have phppage.php which connects to a MySQL database:

<?php

    $list = 'A,B,C';

    $cxn   = mysqli_connect("localhost", $username, $password, $database) or die("Didn't connect");        
    $query = "SELECT * FROM Questions3 WHERE 1 IN ($list) ORDER BY RAND() LIMIT 10";

    $result = mysqli_query($cxn,$query) or die ("Didn't work");

    while( $row = mysqli_fetch_assoc($result) )
    {
        echo "<div>";
        echo $row['columnname'];
        echo "</div>";
    }

This pulls out 10 random database entries where columns A, B or C have the value "1".

This page runs fine on its own. But I actually need to call this using AJAX (which I'm new to), from another page using checkboxes. So instead of

$list = 'A,B,C' 

I need

$list = "data1"

where the jQuery on my main page is:

$(document).ready(function(){
  $("button").click(function(e){
    e.preventDefault();
    var data1 = 'A,B,C';
    $.ajax({url:"phppage.php", type:"POST", data:data1, success:function(result){
      $("#display").html(result);
    }});
  });
})

And the html is:

<button>Press</button>
<div id="display">Data should show here</div>    

(Obviously in this simplified version I'm ignoring the checkboxes).

However, when I press the button, I get "Didn't work" displayed. So "data1" in my jQuery is not transferring to become my $list in the PHP.

What's wrong with my AJAX: how can I transfer the "data1" string?

5
  • Replace die ("Didn't work"); with die( mysqli_error($cxn) ); What output do you see now? (A MySQL error, don't you?) Commented Aug 20, 2014 at 17:04
  • You don't seem to be using the input from the AJAX call anywhere in your phppage.php (ie. via $_POST["data"]).. is that deliberate? Commented Aug 20, 2014 at 17:07
  • I get "Unknown column 'data1' in 'where clause'" - which I think is what I'm saying: it's not recognising 'data1' as 'A,B,C'... So the string isn't transferring properly? Commented Aug 20, 2014 at 17:08
  • 1
    Please, use PDO. I guess you're vulnerable to SQL injections in 3, 2, 1... phptherightway.com/#databases Commented Aug 20, 2014 at 17:08
  • Ah okay msturdy - (I did have that at one point!). I now get an error message saying: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') ORDER BY RAND() LIMIT 10' at line 1"... But then, why does the PHP page work when it's run on its own? Commented Aug 20, 2014 at 17:09

3 Answers

2

The problem is the way you send your data in javascript:

// data1 is a string
data:data1

The data key expects key - value pairs, so you would have to do something like:

data: {'mydata': data1}

And then you would have your string in php in $_POST['mydata'].

And when you use posted values / user input, you should make sure you avoid SQL injection by using a prepared statement or mysqli_real_escape_string() on the input variables.

Also note that when you use IN in MySQL, each value you want to use has to be bound individually; you cannot bind a range when you use a prepared statement.

And lastly, do you want to check for the number 1 or do you have a column named 1? If it is the latter, you need to quote it in backticks:

SELECT * FROM Questions3 WHERE `1` IN (?,?,?) ORDER BY RAND() LIMIT 10
                               ^^^ here
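
An added example, not part of the original thread: one way to accept the posted list safely when its items are column names, which cannot be bound as `?` parameters. It assumes the `mydata` key from the answer above and that A, B and C are the only selectable columns; `ALLOWED_COLUMNS`, `parse_column_list()` and `build_query()` are hypothetical names.

```php
<?php
// Added example, not the asker's code: a hardened phppage.php.
// Assumptions: the jQuery call sends data: {mydata: data1}; $username,
// $password and $database are set as in the question.

const ALLOWED_COLUMNS = ['A', 'B', 'C'];   // assumed full set of flag columns

// Turn the posted "A,B,C" string into vetted column names.
// Returns [] when the list is empty or holds anything off the allow-list.
function parse_column_list(string $raw): array
{
    $items = array_filter(array_map('trim', explode(',', $raw)), 'strlen');
    $items = array_values(array_unique($items));
    foreach ($items as $item) {
        if (!in_array($item, ALLOWED_COLUMNS, true)) {
            return [];
        }
    }
    return $items;
}

// The query is assembled only from names that passed the allow-list,
// each quoted in backticks as an identifier.
function build_query(array $columns): string
{
    $quoted = array_map(fn($c) => "`$c`", $columns);
    return 'SELECT * FROM Questions3 WHERE 1 IN (' . implode(', ', $quoted)
         . ') ORDER BY RAND() LIMIT 10';
}

$raw     = $_POST['mydata'] ?? '';
$columns = is_string($raw) ? parse_column_list($raw) : [];   // mydata[]=x arrives as an array
if ($columns === []) {
    // An empty list would produce "IN ()", the syntax error quoted in the comments.
    http_response_code(400);
    exit('Invalid column list');
}

$cxn    = mysqli_connect('localhost', $username, $password, $database);
$result = $cxn ? mysqli_query($cxn, build_query($columns)) : false;
if (!$result) {
    // Log details server-side instead of echoing mysqli_error() to the browser.
    error_log($cxn ? mysqli_error($cxn) : mysqli_connect_error());
    http_response_code(500);
    exit('Query failed');
}
while ($row = mysqli_fetch_assoc($result)) {
    echo '<div>' . htmlspecialchars($row['columnname'], ENT_QUOTES, 'UTF-8') . '</div>';
}
```

Because the only user-influenced parts of the SQL text are names drawn from the fixed allow-list, no escaping of the posted string is relied on.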

1

I would suggest first considering the risks of blindly accepting POST data as-is without some form of sanitization. That said, the immediate answer to your question (getting data from your Ajax sample to the PHP sample) is to tell the PHP to check your incoming POST data:

$list = $_POST['my_first_variable'];

The other issue I see is that you're pumping a variable (data1) into your data: argument but not specifying the name of the variable. In keeping with my example code above, you might adjust your invocation to read:

$.ajax({url:"phppage.php", type:"POST", data:{my_first_variable: data1}, success:function(result){

You would ideally submit POST data as name/value pairs. PHP does have the ability to read the raw POST data as a single string using input:// but this is not the standard means of transferring this kind of data.

1 Comment

Thanks - I think same answer as above, and I will look into sanitization... Cheers!
-1

$result = mysqli_query($cxn,$query) should be $result = mysqli_query($query, $cxn).

1 Comment

Duh! Missed that, sorry.
