0

I'm having an issue and i can't seem to see where the error is in my code. I'm trying to update a variable total in my database using a ajax post function on my webpage. The function works as the alert is generated with the correct values when i click the button but my database is not updated. Here is the javascript function:

function buyeqc(){
  var total = $('#eqctotal').val();
  $.ajax({
        url:"buyeqc.php", //the page containing php script
        data: 'total='+total,
        type: "POST", //request type
        success:function(result){
        if (total < "1") {
        alert("Please enter a value greater than 0");
        } else if (total > "1") {
    alert("Thank you for your purchase of "+total+" EQC. Please refresh the page to view your updated balance.");
    }
   }
 });
 }

And here is the PHP script that it's posting to:

<?php

if (isset($_GET['total'])) {

session_start();
include_once 'dbh.inc.php';
$user = $_SESSION['u_uid'];
$eqcbal = $_SESSION['EQCBal'];
$total = $_GET['total'];
$sql = "UPDATE users SET EQCBal = '$total' WHERE user_uid = '$user';";
mysqli_query($conn, $sql);
}
?>

If you can point me in the right direction as to where my error is I would be greatful. I have a feeling it's something very simple or small! Thanks.

Improve this question
3
  • 2
    Your JS says your making a POST request, but your PHP is looking at GET variables. Commented Jan 4, 2018 at 17:14
  • Your code is vulnerable to SQL injection attacks. You should use prepared statements with bound parameters, via either the mysqli or PDO driver. This post has some good examples. Commented Jan 4, 2018 at 17:19
  • Thanks for the input, I realise i should use prepared statements but i'm just trying to get a feel for how it works before diving into those. So i just changed my $_GET to $_POST or is this incorrect? It's still the same issue, alert is generated on the html page but it's not updating my database. Commented Jan 4, 2018 at 17:21

3 Answers 3

Reset to default
1

It because $total in the your php file is NULL, You shold change it to 

`$total = $_POST['total'];`

When you send a post ajax request, data will store in $_POST

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Hi thanks - I have changed this as stated buy still the same issue. My database is not updating. Is it because if (isset($_POST['total']) is incorrect? can I remove this when sending a post ajax request?
Have u check the value of $total and $user in your php file? are them your expected value?
@user3357649: (isset($_POST['total']) is correct. you can remove this when sending ajax post but you shouldn't. it will check for you if "$total"'s value is sent or not
in the other hand, i think you are having a tiny mistake. in the alert block code in the success function, it use the total get from <b>var total = $('#eqctotal').val();</b>. not the total in you php file, so it don't prove that the php file will work
0

You making a post request and php u have get request

Improve this answer

Comments

0

Thanks for the answers - it was the issue with having $_GET instead of $_POST. Also i was pointing to the wrong directory for my dbh.inc.php. Silly errors :) Thanks for the help!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.