CODEWITHSUNDEEP
phpjqueryajax
prog
prog

Reputation: 1073

variable fails when passing inside a query

I am passing the $place variable to a query in listplace.php using a ajax call. The ajax call works perfectly in php1.php code, but the $place value is not passed over the query. Please help!

listplace.php too works perfectly but when i try to pass $place in where condition it fails.

php1.php code

<select id="name">
  <option selected disabled>Please select</option>
</select>

<?php if (isset($_GET['place']) && $_GET['place'] != '') { ?>

    <script src="https://code.jquery.com/jquery-3.2.1.min.js"></script>
    <script>
        $.ajax({
            type: "POST",
            data: {place: '<?= $_GET['place'] ?>'},
            url: 'listplace.php',
            dataType: 'json',
            success: function (json) {
                if (json.option.length) {
                    var $el = $("#name"); 
                    $el.empty(); // remove old options
                    for (var i = 0; i < json.option.length; i++) {
                        $el.append($('<option>',
                            {
                                value: json.option[i],
                                text: json.option[i]
                            }));
                    }
                }else {
                    alert('No data found!');
                }
            }
        });
    </script>
<?php } ?>

listplace.php

<?php
//connect to the mysql
$db = @mysql_connect('localhost', 'root', 'password') or die("Could not connect database");
@mysql_select_db('test', $db) or die("Could not select database");

$place = $_POST['place'];

$sql = @mysql_query("select product_name from products_list where product_name = '$place'");
$rows = array();
while($r = mysql_fetch_assoc($sql)) {
    $rows[] = $r['product_name'];
}
if (count($rows)) {
    echo json_encode(['option'=> $rows]);
}else {
    echo json_encode(['option'=> false]);
}
?>

Upvotes: 1

Views: 72

Answers (2)

Rotimi
Rotimi

Reputation: 4825

An improvement will be to start using prepared statements. This is just an addition to Exprator's answer

This will prevent SQL injection attacks. 

$sql_con = new mysqli('localhost', 'root', 'password', 'test');//get connection
    $place = $_POST['place'];//posted variable
    if($stmt = $sql_con->prepare("select product_name from products_list where product_name =?")) {//prepare returns true or false

       $stmt->bind_param("s", $place); //bind the posted variable
       $stmt->execute(); //execute query
       $stmt->bind_result($product_name);//bind the result from query securely

        $rows = array();//create result array
       while ($stmt->fetch()) {//start loop
         $rows[] = $product_name;//grab everything in array
       }
       if (count($rows)) {//check for number
            echo json_encode(['option'=> $rows]);
        } else {
            echo json_encode(['option'=> false]);
        }

Upvotes: 1

Exprator
Exprator

Reputation: 27503

change this line 

 data: {place: '<?= $_GET['place'] ?>'},

to 

 data: {place: '<?= $_GET["place"] ?>'},

Upvotes: 1

Related Questions