0

I can't seem to retrieve the PHP POST value from the form. The input values are being retrieved via Ajax and inserted into the input form below. However, the test on form submission can't retrieve the value from the input. May I know what the issue is and how to solve it? Thanks in advance.

UpdateProfile.php

<?php
session_start();
include("dbcon.php"); 

if(isset($_POST['updateProfile']))  
{  
    $profileCode=$_POST['profileCode'];
    $profileName=$_POST['profileName'];
    $profileDesc=$_POST['profileDesc'];
    echo "<script>alert('".$profileCode."')</script>";

    $find_user="select * from profile where profileCode='$profileCode'"; 
    $statement = $dbcon->prepare($find_user);
    $statement->execute();
    if($row = $statement->fetch())
    {  
        echo "<script>alert('".$profileCode."')</script>";
    } 
    else 
    {
        echo "<script>alert('Failed to update profile!')</script>";
    }
} 
?>

<script>
function editBtn(profileCode) {
                $.ajax({
                    type:"POST", 
                    url: "test.php", 
                    dataType: "html",
                    data: {profileCode:profileCode},
                    success: function(data){
                        $('#profileCode').val(data.split(",")[0]);
                        $('#profileName').val(data.split(",")[1]);
                        $('#profileDesc').val(data.split(",")[2]);
                        event.preventDefault();
                    }
                });}
</script>

<?php
 $username = $_SESSION["username"];
 $query = "SELECT * FROM profile WHERE username='$username'";
 $statement = $dbcon->prepare($query);
 $statement->execute();
 $result = $statement->fetchAll();
 foreach($result as $row)
 {
?>
<i class="ti-pencil" onclick="editBtn('<?php echo $row['profileCode']; ?>')"></i>
<?php } ?>
<form role="form" method="post" action="manageprofile.php">
       <label>Profile Code</label>
       <input type="text" class="form-control border-input" id="profileCode" name="profileCode" value="" disabled>
       <label>Profile Name</label>
       <input type="text" class="form-control border-input" id="profileName" name="profileName" value="" placeholder="Profile Name" required>
       <label>Profile Description</label>
       <textarea rows="5" class="form-control border-input" placeholder="About you" id="profileDesc" name="profileDesc" value=""></textarea>
</form>

test.php

<?php
include("dbcon.php"); 

$courseCode = $_POST['profileCode'];
$query = " SELECT * FROM profile WHERE profileCode='$profileCode' ";
$statement = $dbcon->prepare($query);
$statement->execute();
$result = $statement->fetchAll();
foreach($result as $row)
{
    echo $row['profileCode'].",".$row['profileName'].",".$row['profileDesc'];
} ?>

Image: Post return no value in alert

Error Code : line 7 ($profileCode=$_POST['profileCode'];) //after click on submit

14
  • What does your PHP Error log say? Commented Apr 11, 2020 at 8:25
  • Could you please provide a screenshot of what the output looks like now. Commented Apr 11, 2020 at 8:25
  • you need to show us the test.php page which is where the AJAX is sending the POSTed data , and/or the manageprofile.php page which is where the form sends the posted data.... Commented Apr 11, 2020 at 8:26
  • 1
    data: {profileCode:profileCode} Where is profileCode set? Commented Apr 11, 2020 at 8:26
  • 3
    Your SQL is at risk from SQL Injection attack and needs to be improved urgently. You need to use prepared statements with your variables in the SQL Commented Apr 11, 2020 at 8:29

2 Answers

1

The simple answer is that you have disabled your input profileCode in your html:

<input type="text" class="form-control border-input" 
id="profileCode" name="profileCode" value="" disabled> <!-- disabled -->

That's why $_POST doesn't retrieve profileCode.

Furthermore, you are only sending the value of profileCode in the ajax-request:

data: {profileCode:profileCode}

So you are sending an ajax-request (post-request) with the data of the profileCode. The profileCode itself is sent to the PHP. But because PHP doesn't include disabled elements in PHP, the value would be empty.

And therefore the other fields would be empty as well - because your code in test.php:

$statement->fetchAll(); 

would not produce any output at all and therefore no html response sent back (because profileCode in the query against the db is empty (SELECT * FROM profile WHERE profileCode=''))


And as others have already commented: You have to improve how you handle SQL-injections. You're using prepared statements but you're using them in a way that doesn't protect at all.

I believe you're using PDO-driver so:

Instead of:

 $query = "SELECT * FROM profile WHERE username='$username'";
 $statement = $dbcon->prepare($query);

You should use:

$query = "SELECT * FROM profile WHERE username=:username";
$statement = $dbcon->prepare($query);
// Bind by name: placeholder => value
$statement->execute( array(':username' => $username) );

This makes it impossible for the user to mess around with the actual string (SELECT * FROM profile WHERE username=:username) because :username is just a placeholder.


9 Comments

I have tried alerting other fields that aren't disabled, but the output is still blank.
You are also defining dataType as html but you treat the response data as an array (with split()). Are you able to do an alert within the success-part of your ajax?
yup. this is just some testing, will be converting to json soon
But data.split(",")[0] (or [1] or [2]) would probably be empty as well, because you try to split your html into an array (your html probably has no commas in it).
ok. I have changed to $statement->execute( array(':username' => $username) ); and it works. :) thanks
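
An added example, not code from the question or either answer: the test.php lookup written with bound parameters, scoped to the logged-in user and returned as JSON, next to the interpolated form from the question. The in-memory SQLite database, the sample rows and the helper names findProfile and findProfileInterpolated are assumptions made for the example; in the real page the username would come from $_SESSION["username"].

```php
<?php
// Added example. An in-memory SQLite database (needs the pdo_sqlite
// extension) stands in for dbcon.php so the script runs on its own.
$dbcon = new PDO('sqlite::memory:');
$dbcon->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbcon->exec('CREATE TABLE profile (profileCode TEXT, profileName TEXT, profileDesc TEXT, username TEXT)');

// Constructed sample rows; one description contains a comma and a quote.
$insert = $dbcon->prepare('INSERT INTO profile VALUES (?, ?, ?, ?)');
$insert->execute(['P001', 'Main', "Alice's notes, drafts", 'alice']);
$insert->execute(['P002', 'Other', 'Private', 'bob']);

// Hypothetical helper: look up one profile, scoped to the logged-in user.
function findProfile(PDO $db, string $username, string $profileCode): ?array
{
    // Values travel separately from the SQL text, so quotes in them stay data.
    $stmt = $db->prepare(
        'SELECT profileCode, profileName, profileDesc
           FROM profile
          WHERE profileCode = :code AND username = :username'
    );
    $stmt->execute([':code' => $profileCode, ':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// The pattern from the question: the value is pasted into the SQL string,
// so prepare() has nothing left to bind and a quote alters the statement.
function findProfileInterpolated(PDO $db, string $profileCode): string
{
    try {
        $stmt = $db->prepare("SELECT * FROM profile WHERE profileCode='$profileCode'");
        $stmt->execute();
        return 'ran, rows: ' . count($stmt->fetchAll());
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// JSON keeps the comma and the quote intact; data.split(",") would not.
echo json_encode(findProfile($dbcon, 'alice', 'P001')), "\n";
// Another user's profile is not returned, whatever code the browser sends.
echo json_encode(findProfile($dbcon, 'alice', 'P002')), "\n";
// With binding, a code containing a single quote is compared literally.
echo json_encode(findProfile($dbcon, 'alice', "P'001")), "\n";
// The same value reaches the SQL parser in the interpolated query.
echo findProfileInterpolated($dbcon, "P'001"), "\n";
```

On the client side, a response produced this way would be read with dataType: "json" rather than split on commas.
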
0

Thank you for helping me. I have thought of a solution that uses ajax again to retrieve these updated values and send them to test.php.

UpdateProfile.php

function submitEditProfileForm(){
            $.ajax({
                type:"POST", 
                url: "test.php",
                data: {
                    profileCode:$('#profileCode').val(),
                    profileName:$('#profileName').val(),
                    profileDesc:$('#profileDesc').val()
                },
                success: function(data){
                    alert(data);
                }
            });
        }

test.php

<?php
// Echo the three posted fields back once all of them are present.
if(isset($_POST['profileCode']) && isset($_POST['profileName']) && isset($_POST['profileDesc'])){
    $profileCode= $_POST['profileCode'];
    $profileName= $_POST['profileName'];
    $profileDesc= $_POST['profileDesc'];
    echo $profileCode.",".$profileName.",".$profileDesc;
}
