0

I have done a lot of research on Google and StackOverflow but I can't solve this problem (that's why this question is no duplicate): I have a js function, which is called on click (working). With this function I'm trying to call a PHP script to execute... But it doesn't react... Please tell me what's wrong (complete solution would be appreciated...)

PHP code:

<?php
$servername = "bot-sam.lima-db.de:3306";
$username = "USER379138";
$password = "pwd";
$dbname = "db_379138_1";

$q = $_POST['q'];
$a = $_POST['a'];

function alert($msg) {
    echo "<script type='text/javascript'>alert('$msg');</script>";
}

echo $q . $a;
// echo and alert are not opening so i think the php script isn't executing
alert("question is " . $q);
alert("answer is " . $a);

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

$sql = "INSERT INTO knowledge_base ('question', 'answer')
VALUES ($q, $a)";

if (mysqli_query($conn, $sql)) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
?>

JavaScript function (which gets called properly; jQuery working):

function myfunc() {
    var question = "test1";
    var answer = "test2";
    $.ajax({
        url: 'phpscript.php',
        type: 'POST',
        data: {q: question, a: answer},
        dataType: 'json',
        sucess: console.log("SQL entry made")
    });
}

I'm sorry to ask such a simple question but I just can't solve the problem...

Improve this question
9
  • 1
    dataType: 'json' ? You want to get json from php script, but php echoes html! Commented Feb 15, 2018 at 17:53
  • Is that the correct URL? The browser will assume that script is in the same folder as the page you're on (unless you have a <base> tag). Also, your success function looks suspicious. I believe you need to specify something like function() { ... }. Commented Feb 15, 2018 at 17:53
  • Your code contains an SQL injection vulnerability -- you are passing raw, unfiltered, unvalidated user input directly into an SQL string. SQL injection is very easy to fix. Commented Feb 15, 2018 at 17:53
  • Also it seems like you may have given us the actual credentials and info needed to login to your DB - you may want to change that Commented Feb 15, 2018 at 17:55
  • 1
    if both/either question or answer are strings the sql needs for those values to be quoted. As @gattsbr points out - this is vulnerable to sql injection. The alert statements will not do the alert as you are calling the php script with ajax... Commented Feb 15, 2018 at 18:12

1 Answer 1

Reset to default
2

Try to use the below code

function myfunc() {
    var question = "test1";
    var answer = "test2";
    $.ajax({
        url: 'phpscript.php',
        type: 'POST',
        data: {q: question, a: answer},
        dataType: 'json',
        success: function(result) {
         console.log(result);
       }
    });
}
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

the code isn't working but now the success function doesn't call
i changed the dataType to text ... Now the sucess function gets called but the SQL database is empty...
@fipsi what is the console.log output?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.