12 Replies - 730 Views - Last Post: 03 December 2014 - 12:48 PM Rate Topic: -----

#1 twwood   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 5
  • Joined: 02-December 14

Posting Javascript variables to PHP updating a table in MySql

Posted 02 December 2014 - 02:44 PM

I was wondering if anyone could help me with updating my PHP variables with Javascript variables that I am receiving from user input. I am trying to add a username and password to a User table in MySql. I have tried messing around with POST. I haven't tried GET yet. I am not sure if I am overlooking something small in my code or not and would really welcome extra and more developed eyes.

Thanks for your help!

Here is my HTML code:

   <form ... onsubmit="return checkForm(this);"> <p>Username: <input type="text" name="username"></p> <p>Password: <input type="password" name="pwd1"></p> <p>Confirm Password: <input type="password" name="pwd2"></p> <p><input type="submit"></p> </form>
                    
                        </form>



Here is my javascript code:
 <script type="text/javascript">
                
                function checkForm(form) {
                    if (form.username.value == "") {
                        alert("Error: Username cannot be blank!");
                        form.username.focus();
                        return false;
                    }
                    re = /^\w+$/;
                    if (!re.test(form.username.value)) {
                        alert("Error: Username must contain only letters, and numbers!");
                        form.username.focus();
                        return false;
                    }
                    if (form.pwd1.value != "" && form.pwd1.value == form.pwd2.value) {
                        if (form.pwd1.value.length < 6) {
                            alert("Error: Password must contain at least six characters!");
                            form.pwd1.focus();
                            return false;
                        }
                        if (form.pwd1.value == form.username.value) {
                            alert("Error: Password must be different from Username!");
                            form.pwd1.focus();
                            return false;
                        }
                        re = /[0-9]/;
                        if (!re.test(form.pwd1.value)) {
                            alert("Error: password must contain at least one number (0-9)!");
                            form.pwd1.focus();
                            return false;
                        }
                        re = /[a-z]/;
                        if (!re.test(form.pwd1.value)) {
                            alert("Error: password must contain at least one lowercase letter (a-z)!");
                            form.pwd1.focus();
                            return false;
                        }
                        re = /[A-Z]/;
                        if (!re.test(form.pwd1.value)) {
                            alert("Error: password must contain at least one uppercase letter (A-Z)!");
                            form.pwd1.focus();
                            return false;
                        }
                    } else {
                        alert("Error: Please check that you've entered and confirmed your password!");
                        form.pwd1.focus();
                        return false;
                    }
                    alert("You have been registered with a valid username: " + form.username.value + " and a valid password: " + form.pwd1.value);
                    return true;
                    
                    var count =1;
                    
                    if(form.username.value!=null&&form.pwd1.value!=null)
                    {
                        
                        var i = count;
                        var u = form.username.value;
                        var p= form.username.value;
                        
                        
                        $.post('register.php', {ivariable: i, nvariable:n, pvariable:p}) ;
                        
                        
                        count++;
                        
                    }
                }
            
           
            
            
            
            </script> 


And here is my PHP:

 <?php

        $id;
        $uname;
        $upass;
        
        public static function createUser()
        {
            $conn = mysqli_connect("host","myusername","mypassword","mydatabase");
            if (!$con) {
                die('Could not connect: ' . mysqli_error($con));
            }
            
            $id = $_POST['ivariable'];
            $uname = $_POST['uvariable'];
            $upass = $_POST['pvariable'];
            
            echo $uname;
            
            
            $sql = "INSERT INTO a6_User (password, userid, username)
            values(upass, id, uname)";
            
            
            if (mysqli_query($conn, $sql)) {
                echo "New record created successfully";
            } else {
                echo "Error: " . $sql . "<br>" . mysqli_error($conn);
            }
            
            mysqli_close($conn);
        }
        
    
    
    
?> 


Is This A Good Question/Topic? 0
  • +

Replies To: Posting Javascript variables to PHP updating a table in MySql

#2 andrewsw   User is offline

  • Entwickler
  • member icon

Reputation: 6601
  • View blog
  • Posts: 26,897
  • Joined: 12-December 12

Re: Posting Javascript variables to PHP updating a table in MySql

Posted 02 December 2014 - 02:53 PM

What errors do you get?

On a quick look:
values(upass, id, uname)";

these PHP variables should have a dollar sign in front of them.

And there isn't a uvariable, there is an nvariable.
Was This Post Helpful? 1
  • +
  • -

#3 CTphpnwb   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3802
  • View blog
  • Posts: 13,797
  • Joined: 08-August 08

Re: Posting Javascript variables to PHP updating a table in MySql

Posted 02 December 2014 - 02:55 PM

First, fix your query.
http://php.net/manua...qli.prepare.php
Then do a web search on "javascript submit form"
Was This Post Helpful? 0
  • +
  • -

#4 andrewsw   User is offline

  • Entwickler
  • member icon

Reputation: 6601
  • View blog
  • Posts: 26,897
  • Joined: 12-December 12

Re: Posting Javascript variables to PHP updating a table in MySql

Posted 02 December 2014 - 03:01 PM

Also, do you call your createUser method?

(I haven't done too much with OOP in PHP, but shouldn't the word static, when applied to a method, be within a class definition?)
Was This Post Helpful? 0
  • +
  • -

#5 twwood   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 5
  • Joined: 02-December 14

Re: Posting Javascript variables to PHP updating a table in MySql

Posted 02 December 2014 - 03:16 PM

View Postandrewsw, on 02 December 2014 - 03:01 PM, said:

Also, do you call your createUser method?

(I haven't done too much with OOP in PHP, but shouldn't the word static, when applied to a method, be within a class definition?)



Currently I am not calling my createUser method. I assume that goes inside my javascript.
Was This Post Helpful? 0
  • +
  • -

#6 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2102
  • View blog
  • Posts: 6,427
  • Joined: 15-January 14

Re: Posting Javascript variables to PHP updating a table in MySql

Posted 02 December 2014 - 04:35 PM

No, PHP code does not go inside Javascript code. One other problem is that your Javascript code has a return statement right before you try to use jQuery to send the post ajax request. That request will never get sent because of the return statement. So, it's going to submit the form normally. Since you didn't specify a method on your form, it will default to get instead of post.
Was This Post Helpful? 1
  • +
  • -

#7 twwood   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 5
  • Joined: 02-December 14

Re: Posting Javascript variables to PHP updating a table in MySql

Posted 02 December 2014 - 10:08 PM

Thanks for the help. I am making progress, and am now running into "NetworkError: 500 Internal Server Error - http//localhost". This is blocking my connection from Javascript to PHP and disallowing me to update my username table in my database.

Here is a snippet from my Javascript code trying to update variables in my PHP (register.php)

 
                        var i = count;
                        var u = uname;
                        var p= pname;
                        
                        $.post('register.php', {ivariable: i, uvariable:u, pvariable:p}) ;
                        


Here is my PHP code

<?php

        $id;
        $uname;
        $upass;
        
        public static function createUser()
        {
            $conn = mysqli_connect("host","myname","mypassword","mydatabase");
            if (!$con) {
                die('Could not connect: ' . mysqli_error($con));
            }
            
            $id = $_POST['ivariable'];
            $uname = $_POST['uvariable'];
            $upass = $_POST['pvariable'];
            
            echo $uname;
            
            
            $sql = "INSERT INTO a6_User (password, userid, username)
            values($upass, $id, $uname)";
            
            
            if (mysqli_query($conn, $sql)) {
                echo "New record created successfully";
            } else {
                echo "Error: " . $sql . "<br>" . mysqli_error($conn);
            }
            
            mysqli_close($conn);
        }
        
    
    
    
?>

Was This Post Helpful? 0
  • +
  • -

#8 CTphpnwb   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3802
  • View blog
  • Posts: 13,797
  • Joined: 08-August 08

Re: Posting Javascript variables to PHP updating a table in MySql

Posted 03 December 2014 - 06:13 AM

Congratulations, your site may now be hacked.

Ok, not yet. First you need to call the function, then it will be wide open to an SQL injection attack.

This post has been edited by CTphpnwb: 03 December 2014 - 06:21 AM

Was This Post Helpful? 0
  • +
  • -

#9 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2102
  • View blog
  • Posts: 6,427
  • Joined: 15-January 14

Re: Posting Javascript variables to PHP updating a table in MySql

Posted 03 December 2014 - 08:37 AM

A 500 response just means there was a PHP error. If the code you posted in post 7 is your full code then it's not correct, only functions defined inside classes have visibility like public and static. Is that a standalone function or is it part of a class?

As far as SQL injection attacks, using user-submitted data directly in a query is the #1 attack vector for web sites. You should be using prepared statements to mitigate that, with prepared statements you should not be putting variables inside a SQL query.

http://php.net/manua...-statements.php

It's also not a good idea to store plain-text passwords in your database, you need to hash them:

http://jeremykendall...implementation/

As far as PHP errors in general, if you're using ajax communication I would recommend using an error log with PHP so that you can check the error log if you get a 500 response from an ajax request. You can do this to have PHP write all errors to a file called error.log in the same directory:

ini_set('display_errors', 0);
ini_set('html_errors', 0);
ini_set('log_errors', 1);
ini_set('error_log', __DIR__ . DIRECTORY_SEPARATOR . 'error.log');
error_reporting(E_ALL);


That's not going to help with syntax errors though. Ideally you would change the above settings in php.ini to have PHP always write all errors to a log file, and then you'll get syntax error messages in the log also. With the code above you'll only get runtime errors in the log, since those settings are changed at runtime.
Was This Post Helpful? 0
  • +
  • -

#10 CTphpnwb   User is offline

  • D.I.C Lover
  • member icon

Reputation: 3802
  • View blog
  • Posts: 13,797
  • Joined: 08-August 08

Re: Posting Javascript variables to PHP updating a table in MySql

Posted 03 December 2014 - 09:32 AM

By the way, these lines are pointless:
        $id;
        $uname;
        $upass;


They don't declare or define these variables.
Was This Post Helpful? 0
  • +
  • -

#11 twwood   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 5
  • Joined: 02-December 14

Re: Posting Javascript variables to PHP updating a table in MySql

Posted 03 December 2014 - 11:38 AM

Fixed the 500 Error. Now am on to updating mySql table. I have a feeling it is a syntax error in PHP. This is my first project with PHP so I am learning as we speak. If you can read over my code and let me know what you think, that would be awesome. Thanks so much.

<?php
    
    
    class createUser {
        
        public static function create()
        {
            $conn = mysqli_connect("host","mylogin","mypassword","mydatabase");
            if (!$con) {
                die('Could not connect: ' . mysqli_error($con));
            }
            
            $id = $_POST["ivariable"];
            $uname = $_POST["uvariable"];
            $upass = $_POST["pvariable"];
            
            $sql = "INSERT INTO a6_User (password, userid, username)
            VALUES($pname, $id, $uname)";
            
            
            if (mysqli_query($conn, $sql)) {
                echo "New record created successfully";
            } else {
                echo "Error: " . $sql . "<br>" . mysqli_error($conn);
            }
            
            mysqli_close($conn);
            
        }
        
    }
    ?>

This post has been edited by andrewsw: 03 December 2014 - 11:57 AM
Reason for edit:: Removed large previous quote, just press REPLY

Was This Post Helpful? 0
  • +
  • -

#12 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2102
  • View blog
  • Posts: 6,427
  • Joined: 15-January 14

Re: Posting Javascript variables to PHP updating a table in MySql

Posted 03 December 2014 - 12:43 PM

That code doesn't have any syntax errors. It's defining a class with a single method but you never execute the method. There's also going to be a syntax error in that SQL query which you can solve by using a prepared statement.
Was This Post Helpful? 1
  • +
  • -

#13 andrewsw   User is offline

  • Entwickler
  • member icon

Reputation: 6601
  • View blog
  • Posts: 26,897
  • Joined: 12-December 12

Re: Posting Javascript variables to PHP updating a table in MySql

Posted 03 December 2014 - 12:48 PM

$pname should be $uname.

You are in the best position to take this forward because you can create a minimal example that you can at least run, and start to test and correct. (At least then you will also be able to report on the errors that you receive.)
Was This Post Helpful? 1
  • +
  • -

Page 1 of 1