I am populating a dropdown with MySQL entries using the technique in this answer. This works fine - when I select an event, a new dropdown is generated containing the dates that event is running on.

However, I also need to retrieve the cost of the event from the database, and assign it as the value of a form input. The simplest way to do it would be to assign it to the value attribute of the event dropdown, but this is already used to generate the second dropdown.

So, I figure I can use another Ajax call in the change event of the event dropdown to query the database again and get the cost, then pass it back as a JSON encoded variable. Here are my Ajax calls:

    $('#event_menu').on('change', function() {
        // get selected value and build data string for AJAX
        var event_selected = "event_selected="+$(this).val();

        // send the selected data to a PHP page to build the populated menu
        $.ajax({
            url : 'populate_menu.php',
            type: 'POST',
            data : event_selected,
            dataType : 'html',
            success : function(data) {
                $('#instancemenu').html(data);
            }, error : function() {
                alert("Something went wrong!");
            }
        });

        $.ajax({
            url : 'get_eventprice.php',
            type: 'POST',
            date: event_selected,
            dataType : 'json',
            success : function(data){
                $('#totalcost').val(data);
            }, error : function(){
                alert("Something went wrong with the price setter!");
            }
        });
    });

And here's the code in get_eventprice.php:

    $event_selected = isset($_POST['event_selected']) ? $_POST['event_selected'] : null;

    $q="SELECT event_cost FROM events WHERE event_id=$event_selected";
    $r=mysqli_query($dbc,$q);

    $row=mysqli_fetch_field($r, MYSQLI_ASSOC);

    echo json_encode($row['course_cost']);

However, this triggers the error clause in the Ajax call. I've also tried mysqli_fetch_array, but with no luck. What am I doing wrong?

  • Your code is vulnerable towards SQL injection, and will be a problem in the future - either on purpose or by accident. Never trust user variables. Check out bobby-tables.com Commented Dec 18, 2013 at 20:33
  • When using mysqli you should be using parameterized queries and bind_param to add user data to your query. Avoid using string interpolation to accomplish this. Commented Dec 18, 2013 at 20:35
  • Btw, if course_cost is just a numeric value, you can skip json_encode around it. Commented Dec 18, 2013 at 20:43
  • @nl-x tried that, still doesn't work Commented Dec 18, 2013 at 20:44
  • @h2ooooooo how does using prepared statements compare to filtering the POSTed variables with mysqli_real_escape_string? Commented Dec 18, 2013 at 20:53

1 Answer

In your second Ajax you write date instead of data

edit:

Furthermore, use Element Inspector of your browser, and look in:

  • the Net tab what is going on during the Ajax call. See if the data is indeed being sent along. And what the web server returns.
  • the Console tab to see if you are getting any javascript messages/errors

5 Comments

Good eye. This is indeed the problem. But perhaps ElendilTheTall also needs some validation server-side to address this type of error.
Yes you do... look in your own code you posted. datE: event_selected,
@ElendilTheTall : yes you do
and now please fix your sql injection problem, as h2ooooo stated :)
Got it - mysqli_fetch_field expects 1 parameter. I removed MYSQLI_ASSOC and it works. Thanks!
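
The parameterized query the comments ask for, as an added example (not code from the question or the answer): a version of get_eventprice.php that validates event_selected as an integer, binds it with bind_param, and returns an explicit error when the field is missing. Assumptions: the connection credentials are placeholders, the fail() helper is hypothetical, and the script reads the event_cost column named in the question's SELECT.

```php
<?php
// Hardened sketch of get_eventprice.php. Added example, not the asker's code.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
header('Content-Type: application/json');

// Hypothetical helper: send a JSON error with an HTTP status and stop.
function fail(int $status, string $message): void
{
    http_response_code($status);
    echo json_encode(['error' => $message]);
    exit;
}

// 1. Validate. event_id sits in an unquoted numeric position in the query,
//    where mysqli_real_escape_string gives no protection (it only escapes
//    characters inside a quoted string), so accept nothing but an integer.
//    filter_input returns null when the field is absent (for example after
//    the "date:" typo in the Ajax call) and false when it is not an integer.
$event_id = filter_input(INPUT_POST, 'event_selected', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if ($event_id === null || $event_id === false) {
    fail(400, 'event_selected must be a positive integer');
}

try {
    // Placeholder credentials (assumption): the page only shows $dbc.
    $dbc = new mysqli('localhost', 'db_user', 'db_password', 'db_name');

    // 2. Parameterize. The value is sent separately from the SQL text,
    //    so it can never be parsed as part of the statement.
    $stmt = $dbc->prepare('SELECT event_cost FROM events WHERE event_id = ?');
    $stmt->bind_param('i', $event_id);
    $stmt->execute();
    $stmt->bind_result($event_cost);

    // 3. fetch() returns true for a row and null when there is none.
    if ($stmt->fetch() !== true) {
        fail(404, 'no such event');
    }
    echo json_encode($event_cost);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep database detail out of the response
    fail(500, 'database error');
}
```

With non-2xx statuses the jQuery error callback still fires, and the Net tab shows which of the three failure cases the server reported.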
