Omaruchan

Reputation: 423

JavaScript PHP $_Get issue

So I have a JavaScript function which calls a PHP file using an asynchronous method. This is my code:

JavaScript

var xmlHttp = new XMLHttpRequest();
xmlHttp.onreadystatechange = function() { 
    if (xmlHttp.readyState == 4 && xmlHttp.status == 200)
        callback (xmlHttp.responseText);
}
xmlHttp.open("GET", "http://127.0.0.1/formulario/insertReporte.php?"+'nombreAlumno='+nombreAlumno+'&noCta='+noCta+'&semestre='+semestre, true);
xmlHttp.send(null);

And here is my PHP File

<?php

$servername = "myServerName";
$username = "myUserName";
$password = "myPassWord";
$dbname = "myDb";

$nombreAlumno = $_GET['nombreAlumno'];
$noCta = intval($_GET['noCta']);
$semestre = intval($_GET['semestre']);

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$sql = "INSERT INTO infoalumno (nombreAlumno,noCta,noSemestre)
VALUES ($nombreAlumno,$noCta,$semestre)";

if ($conn->query($sql) === TRUE) {
    $last_id = $conn->insert_id;
    echo $last_id;
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

My issue comes on this line $nombreAlumno = $_GET['nombreAlumno']; as I get this error

enter image description here

On my database my nombreAlumno field is declared as a varchar.

I know my connection works because if I change that line into $nombreAlumno = intval($_GET['nombreAlumno']); it inserts 0 into my database.

Any ideas what I am doing wrong?

Upvotes: 2

Views: 89

Answers (2)

Saty

Reputation: 22532

You need to add quotes around your values. Also use mysqli_real_escape_string before inserting into the database to prevent SQL injection.

$nombreAlumno=mysqli_real_escape_string($conn, $nombreAlumno);
$noCta=mysqli_real_escape_string($conn, $noCta);
$semestre=mysqli_real_escape_string($conn, $semestre);

$sql = "INSERT INTO infoalumno (nombreAlumno,noCta,noSemestre)
VALUES ('".$nombreAlumno."','".$noCta."','".$semestre."')";

Upvotes: 3

Sandeep Nambiar

Reputation: 1676

Try this

<?php

$servername = "myServerName";
$username = "myUserName";
$password = "myPassWord";
$dbname = "myDb";

$nombreAlumno = $_GET['nombreAlumno'];
$noCta = intval($_GET['noCta']);
$semestre = intval($_GET['semestre']);

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

$sql = "INSERT INTO infoalumno (nombreAlumno,noCta,noSemestre)
VALUES ('".$nombreAlumno."','".$noCta."','".$semestre."')";

if ($conn->query($sql) === TRUE) {
    $last_id = $conn->insert_id;
    echo $last_id;
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

Upvotes: 0
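
An added example, not part of the question or either answer: the question's failing insert next to a prepared statement, which avoids both the missing-quotes error and SQL injection without manual escaping. It assumes PDO with an in-memory SQLite database (swapped in for the page's mysqli/MySQL so it runs without a server; needs the pdo_sqlite extension) and constructed sample inputs; with mysqli the same pattern is prepare(), bind_param() and execute().

```php
<?php
// Added example. PDO + in-memory SQLite stand in for the page's MySQL server
// so the script runs offline; table and column names are the question's.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE infoalumno (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    nombreAlumno VARCHAR(100), noCta INTEGER, noSemestre INTEGER)');

// Constructed sample inputs, as they would arrive in $_GET.
$samples = [
    ['nombreAlumno' => 'Ana Lopez', 'noCta' => '31415', 'semestre' => '3'],
    ['nombreAlumno' => "O'Brien",   'noCta' => '27182', 'semestre' => '5'],
];

// 1. The question's query: the name is pasted in unquoted, so the database
//    parses it as SQL and rejects the statement.
function insertConcatenated(PDO $pdo, array $in): string {
    $sql = "INSERT INTO infoalumno (nombreAlumno,noCta,noSemestre)
            VALUES ({$in['nombreAlumno']}," . intval($in['noCta']) . ','
            . intval($in['semestre']) . ')';
    try {
        $pdo->exec($sql);
        return 'inserted id ' . $pdo->lastInsertId();
    } catch (PDOException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

// 2. Prepared statement: the SQL text is fixed and values travel separately,
//    so quotes in a name are stored as data.
function insertPrepared(PDO $pdo, array $in): string {
    $stmt = $pdo->prepare('INSERT INTO infoalumno (nombreAlumno,noCta,noSemestre)
                           VALUES (:nombre, :cta, :semestre)');
    $stmt->bindValue(':nombre', $in['nombreAlumno'], PDO::PARAM_STR);
    $stmt->bindValue(':cta', intval($in['noCta']), PDO::PARAM_INT);
    $stmt->bindValue(':semestre', intval($in['semestre']), PDO::PARAM_INT);
    $stmt->execute();
    return 'inserted id ' . $pdo->lastInsertId();
}

foreach ($samples as $in) {
    echo "concatenated: ", insertConcatenated($pdo, $in), "\n";
    echo "prepared:     ", insertPrepared($pdo, $in), "\n";
}
foreach ($pdo->query('SELECT id, nombreAlumno FROM infoalumno') as $row) {
    echo $row['id'], ' => ', $row['nombreAlumno'], "\n";
}
```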
