0

I have done a lot of research on Google and StackOverflow but I can't solve this problem (that's why this question is no duplicate): I have a js function, which is called on click (working). With this function I'm trying to call a PHP script to execute... But it doesn't react... Please tell me what's wrong (complete solution would be appreciated...)

PHP code:

<?php
$servername = "bot-sam.lima-db.de:3306";
$username = "USER379138";
$password = "pwd";
$dbname = "db_379138_1";

$q = $_POST['q'];
$a = $_POST['a'];

function alert($msg) {
    echo "<script type='text/javascript'>alert('$msg');</script>";
}

echo $q . $a;
// echo and alert are not opening so i think the php script isn't executing
alert("question is " . $q);
alert("answer is " . $a);

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}

$sql = "INSERT INTO knowledge_base ('question', 'answer')
VALUES ($q, $a)";

if (mysqli_query($conn, $sql)) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
?>

JavaScript function (which gets called properly; jQuery working):

function myfunc() {
    var question = "test1";
    var answer = "test2";
    $.ajax({
        url: 'phpscript.php',
        type: 'POST',
        data: {q: question, a: answer},
        dataType: 'json',
        sucess: console.log("SQL entry made")
    });
}

I'm sorry to ask such a simple question but I just can't solve the problem...

Improve this question
9
  • 1
    dataType: 'json' ? You want to get json from php script, but php echoes html! Commented Feb 15, 2018 at 17:53
  • Is that the correct URL? The browser will assume that script is in the same folder as the page you're on (unless you have a <base> tag). Also, your success function looks suspicious. I believe you need to specify something like function() { ... }. Commented Feb 15, 2018 at 17:53
  • Your code contains an SQL injection vulnerability -- you are passing raw, unfiltered, unvalidated user input directly into an SQL string. SQL injection is very easy to fix. Commented Feb 15, 2018 at 17:53
  • Also it seems like you may have given us the actual credentials and info needed to login to your DB - you may want to change that Commented Feb 15, 2018 at 17:55
  • 1
    if both/either question or answer are strings the sql needs for those values to be quoted. As @gattsbr points out - this is vulnerable to sql injection. The alert statements will not do the alert as you are calling the php script with ajax... Commented Feb 15, 2018 at 18:12

1 Answer 1

Reset to default
2

Try to use the below code

function myfunc() {
    var question = "test1";
    var answer = "test2";
    $.ajax({
        url: 'phpscript.php',
        type: 'POST',
        data: {q: question, a: answer},
        dataType: 'json',
        success: function(result) {
         console.log(result);
       }
    });
}
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

the code isn't working but now the success function doesn't call
i changed the dataType to text ... Now the sucess function gets called but the SQL database is empty...
@fipsi what is the console.log output?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.