
I have a form that submits data on a click via AJAX; it runs a PHP script. This bit is working. What I want is for the PHP, when it runs, to return a value for success or not, but it seems to be failing and I can't see why.

This is the form

<div id="container"></div>
<form id="availability-check" class="appnitro"  method="post"  onsubmit="return false">
  <label class="description" for="element_1">Post Code </label>
  <input id="postcode" name="postcode" type="text" maxlength="10" value="" placeholder=" e.g. WC1  1AA"/>

  <input id="check-availability" class="art-button check-availability" type="submit" name="submit" value="Submit" />
</form>

This is the JavaScript

$(document).ready(function(){
  $("#availability-check").submit(function(){
    var getField = $("#postcode").val();
    $.ajax({
      url: '/index.php/postcodeupdate',
      type: 'POST',
      data: '{ postcode: getField }',
      dataType: "json",
      success: function(data){
        $('#container').append(data)
      }
    });
  });
});

And this is the PHP

<?php

if(!empty($_POST['postcode'])){

    $postcode=$_POST["postcode"];
    $postcode= preg_replace('/\s+/', '', $postcode);

    $db = JFactory::getDBO();

    $query = "SELECT * FROM rex71_postcodes WHERE postcode='". $postcode . "'";
    $db->setQuery($query);
    $reply = $db->query();
    $rowsnum = $db->getNumRows();

    if($rowsnum>0){
        header('Content-Type: application/json');
        echo json_encode(array('result' => '1'));
    }
    else{
        header('Content-Type: application/json');
        echo json_encode(array('result' => '0'));
    }

}
?>
  • possible duplicate of How to return AJAX response Text? Commented Aug 22, 2013 at 14:33
  • You are vulnerable to SQL injection Commented Aug 22, 2013 at 14:33
  • Are you sure you're actually getting into the submit event? The onsubmit="return false" looks out of place. You should remove that and instead return false in your jQuery submit handler. Commented Aug 22, 2013 at 14:36

1 Answer

data: '{ postcode: getField }',

This makes no sense. You want this:

data: { postcode: getField },

Then you will receive the value as a POST value and assuming your PHP code is correct everything will work.

Oh, and please read about SQL injection. Right now your code is very vulnerable.


2 Comments

Cheers. It still doesn't seem to work. This is for internal use, so the code just needs to work and I am not worried about SQL injection at the moment.
To be honest, even for an intranet application this is not acceptable. Imagine someone CSRFing you to inject malicious code. Or a troll coworker who thinks it's funny to try injecting something.
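
The SQL injection issue raised in the comments and in the answer, as an added example that is not part of the original thread: the question's concatenated lookup next to a parameterized one, run against the same inputs. It assumes an in-memory SQLite database reached through PDO in place of the Joomla database object; the helper names and the sample data are constructed for illustration.

```php
<?php
// Added example. Assumption: an in-memory SQLite database reached through PDO
// stands in for the Joomla database; the stored row is constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE rex71_postcodes (postcode TEXT PRIMARY KEY)');
$pdo->exec("INSERT INTO rex71_postcodes (postcode) VALUES ('WC11AA')");

// Same normalisation as the question's script: whitespace is removed, nothing else.
function normalisePostcode(string $raw): string
{
    return preg_replace('/\s+/', '', $raw);
}

// Hypothetical helper that builds the query the way the question does:
// the submitted value becomes part of the SQL text itself.
function lookupConcatenated(PDO $pdo, string $raw): int
{
    $sql = "SELECT COUNT(*) FROM rex71_postcodes WHERE postcode='"
         . normalisePostcode($raw) . "'";
    return ((int) $pdo->query($sql)->fetchColumn()) > 0 ? 1 : 0;
}

// Hypothetical hardened helper: the SQL text is fixed and the value is bound
// as a parameter, so quotes in the input stay data and never become syntax.
function lookupBound(PDO $pdo, string $raw): int
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM rex71_postcodes WHERE postcode = ?');
    $stmt->execute([normalisePostcode($raw)]);
    return ((int) $stmt->fetchColumn()) > 0 ? 1 : 0;
}

// Constructed inputs: a stored postcode, an unknown one, and one containing quotes.
$inputs = ['WC1 1AA', 'ZZ9 9ZZ', "x' OR '1'='1"];
foreach ($inputs as $raw) {
    echo json_encode([
        'input'        => $raw,
        'concatenated' => lookupConcatenated($pdo, $raw),
        'bound'        => lookupBound($pdo, $raw),
    ]), PHP_EOL;
}
```

The third input is reported as a match by the concatenated query although no such postcode is stored, and as no match by the bound query; stripping whitespace does not change that. In Joomla the value can be kept out of the SQL syntax with the database object's `quote()` method.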
