
I have the following jQuery ajax call to a php script:

actualHtml = $('div').html(); // could this line be causing an issue?
$.ajax({
    type: 'POST',
    url: 'save-html-css-action.php',
    data: {
        'htmlTextToSave': htmlTextToSave,
        'actualHtml': actualHtml,
        'userId': userId
    },
    success: function(msg) {
        alert(msg);
    }
});

php:

$htmlCssToSave = $_POST['htmlTextToSave'];
$userId = $_POST['userId'];
$actualHtml = $_POST['actualHtml'];

$mysqli = new mysqli($servername, $sqlusername, $sqlpassword, $dbname);

/* check connection */
if (mysqli_connect_errno()) {
    //printf("Connect failed: %s\n", mysqli_connect_error());
    echo "Connection failed: " . mysqli_connect_error();
    exit();
}

/* the return value of query() is not checked, so a failed INSERT still reaches the echo below */
$mysqli->query("INSERT INTO user_saved_data (user_html_css_code, dd_id, actual_html) values ('" . $htmlCssToSave . "'," . $userId . ",'" . $actualHtml . "')");
echo "success";

/* close connection */
$mysqli->close();

but when I check the database, the data isn't there. Am I doing something wrong in the jquery/php combo (meaning the ajax call)? I'm getting a javascript "success" alert, so it's hitting the script, but I'm not sure why the info isn't being inserted.

The table datatypes are medium text for both the htmlcsstosave and the actualhtml columns, and int for userid (not the primary key, this is a foreign key to another table)

So I added an error alert and this is the output:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'margin-0'>
<head> </head>
<body cl' at line 1

  • Go ahead and find out why, if(!$mysqli->query(....your query)){ echo $mysqli->error; } Also, you're accepting user input and should be using prepared statements to help fight sql injection. Commented Mar 26, 2015 at 23:24
  • .. this is gonna be fun, I'm trying to save html, and it's saying bad syntax somewhere, will update the question as I'm not sure what exactly the syntax it doesn't like is Commented Mar 26, 2015 at 23:28
  • No need. Simply change to prepared statements and you'll be good. Commented Mar 26, 2015 at 23:29
  • No need to go digging; I've provided you with the prepared solution below. Commented Mar 26, 2015 at 23:36

2 Answers

As we discussed, the issue is with escaping and sanitizing data. If you used prepared statements, it will handle it for you. Let's have a look at how that would work:

Prepare the statement:

$stmt = $mysqli->prepare("INSERT INTO user_saved_data (user_html_css_code, dd_id, actual_html) values (?,?,?)");

Bind your parameters:

$stmt->bind_param('sis', $htmlCssToSave, $userId, $actualHtml);

Then execute your statement:

$stmt->execute();

Then you should be good to go. The prepared statement should handle the data sanitization for you now.

Resources:

  1. mysqli prepare
  2. mysqli bind_param
  3. mysqli execute
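Here is the answer's prepare / bind_param / execute approach assembled into a complete save-html-css-action.php, as an added example that is neither the asker's nor the answerer's code. It assumes $servername, $sqlusername, $sqlpassword and $dbname are defined (for instance in an included config file) exactly as the question does, and uses the question's table and column names; the input validation and error reporting are additions, not part of the original answer.

```php
<?php
// Added example: prepared-statement version of save-html-css-action.php.
// Assumes $servername, $sqlusername, $sqlpassword and $dbname are defined
// (e.g. in an included config file), as in the question.

header('Content-Type: text/plain; charset=utf-8');

// Make mysqli throw on errors instead of returning false. The original
// script never checked query()'s return value, so its syntax error was
// hidden behind an unconditional echo "success".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Require all three fields; dd_id is an int foreign key, so accept only a
// positive integer for userId (false = invalid, null = absent).
$htmlCssToSave = $_POST['htmlTextToSave'] ?? null;
$actualHtml    = $_POST['actualHtml'] ?? null;
$userId        = filter_input(INPUT_POST, 'userId', FILTER_VALIDATE_INT,
                              ['options' => ['min_range' => 1]]);

if ($htmlCssToSave === null || $actualHtml === null || $userId === false || $userId === null) {
    http_response_code(400);
    exit('missing or invalid parameters');
}

try {
    $mysqli = new mysqli($servername, $sqlusername, $sqlpassword, $dbname);
    $mysqli->set_charset('utf8mb4');

    // The HTML never becomes part of the SQL text: quotes, angle brackets
    // and anything else travel as bound values, so they can neither break
    // the syntax (the error the asker saw) nor alter the query.
    $stmt = $mysqli->prepare(
        'INSERT INTO user_saved_data (user_html_css_code, dd_id, actual_html) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('sis', $htmlCssToSave, $userId, $actualHtml);
    $stmt->execute();

    echo 'success: ' . $stmt->affected_rows . ' row inserted';
    $stmt->close();
    $mysqli->close();
} catch (mysqli_sql_exception $e) {
    // Keep the SQL error detail in the server log; the browser only learns
    // that the save failed.
    error_log('user_saved_data insert failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'save failed';
}
```

With this in place the jQuery success callback alerts the real outcome, and a failed INSERT shows up in the server log rather than as a silent "success".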

3 Comments

  • I'm getting an error Call to undefined method mysqli::bind_param()
  • actually I think I fixed it, had to set the prepare to another variable $statement and call bind on that
  • @AbdulAhmad You're totally right. I omitted that in my initial answer. I've updated to reflect that fact; sorry for that!

Can you post the CREATE TABLE statement for the user_saved_data table?

In general, I'd recommend just tracing it through and see where the data gets lost.

For example, can you echo the query you are generating and run it manually in MySQL? You may have a syntax error in the SQL being generated...

1 Comment

  • I understand that as you have a low reputation, you're not able to post comments, but this is for a reason. Please refrain from posting comments as answers. Once you have enough karma (50 or so), you can post comments. I won't downvote you, so that you don't have to climb the hill back, but please delete this.
