0

My code works great except for the "userName" for some reason sending a string through JSON will not post to table, it sends nothing.

Can anyone see what the problem is?

jquery

lowestScoreId = 1;
userPoints = 50;
userName = "ted";

$.getJSON("functions/updateHighScores.php", {lowestScoreId: lowestScoreId, userPoints: userPoints, userName: userName}, function(data) {

  $('#notes').text(data.userName); //for testing

});

php

lowestScoreId =  json_decode($_GET['lowestScoreId']);
$userName =  json_decode($_GET['userName']);
$userPoints =  json_decode($_GET['userPoints']);

include 'config.php';

$currentTime = time();

mysql_query("UPDATE highScores
SET `name`    = '$userName',
    `score`   = '$userPoints',
    `date`    = '$currentTime'
WHERE id='$lowestScoreId'");

echo json_encode(array("userName" => $userName));  // for testing
Improve this question
7
  • I can't see any usage of $obj. Commented Jul 27, 2012 at 11:58
  • I think you've got it all mixed up... there should've been 1 JSON object sent not three? It should've been something like $obj=json_decode($_GET['jsonObj']) and the rest of the values taken from the JSON object. Another thing... you're not sanitizing your inputs and feeding that straight into your MySQL database. Commented Jul 27, 2012 at 12:01
  • Hmmm, okay. thanks for the tips. I am still a bit new so just getting things to work at this point. Commented Jul 27, 2012 at 12:02
  • Have a look at my answer here: stackoverflow.com/a/11606240/1031312 Commented Jul 27, 2012 at 12:03
  • 2
    @user1555800 This is really just a confusion in what getJSON is. getJSON in jquery means `do a GET request that I expect the result from the server to be JSON formated". The responding server should handle the data as a standard GET request (ie. /something?param1=yes&param2=25) and is expected to send back json (so your last json_encode is correct but the data sent to the server is standard GET data, not json) Commented Jul 27, 2012 at 12:30

1 Answer 1

Reset to default
2

Why do you use this:

$userName = $obj = json_decode($_GET['userName']);

It works correctly

$userName = $_GET['userName'];
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

okay i correct my self, that was the solution. What is json_decode for ?
@user1555800 take a look at this: php.net/manual/en/function.json-decode.php Also, obligatory mention that your code is vulnerable to SQL injection as it stands currently...
if the variable $lowestScoreId contains the following string "' OR '1' = '1". The condition followed by 'OR' is always true and hence the update might be performed on all the rows of the table. mysql_query("UPDATE highScores SET name = '$userName', score = '$userPoints', date = '$currentTime' WHERE id='' OR '1' = '1'");

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.