3

I am a pretty much a beginner to all of these technologies, I have been stuck all day on what I thought would be a fairly simple process. Basically, I'm trying to pass a parameter in a JS function through to my PHP code using AJAX, and then inserting the parameter into my database.

The JS function in my .html file. 

    function pushData(paramData) {
    $.ajax({
        url: "databaseStuff.php",
        type: "post",
        data: paramData
        });
}

I wish to insert into my SQL table whatever I have put into the Parameters. For example the below code should create 3 new database entries. I have these hooked up to buttons in my actual project. 

pushData('It is Wednesday');
pushData('My Dudes');
pushData('AHHHHHHH!');

databaseStuff.php

<?php

$mysqli = new mysqli("localhost", "root", "default", "testDB");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . 
$mysqli->connect_error;
}
echo $mysqli->host_info . "<br>";

$paramData = $_POST['paramData'];

$sql = "INSERT INTO testDBtable (Name, Text) VALUES ('Joe', '$paramData')";

?>

My PHP is successfully connecting to the MySQL DB since I am getting the proper 'localhost via TCP/IP' message, however, I am getting stuck on:

"Notice: Undefined index: paramData in C:\wamp64\www\databaseStuff.php on line 23

Help is appreciated! I am not concerned with SQL injection vulnerability as this code will never leave localhost.

Improve this question
2
  • You never query the $sql variable. You just create the string. Commented Sep 10, 2017 at 20:29
  • You're already using an API that supports prepared statements with bounded variable input, you should utilize parameterized queries with placeholders (prepared statements) to protect your database against SQL-injection! Get started with mysqli::prepare() and mysqli_stmt::bind_param(). Commented Sep 10, 2017 at 20:29

2 Answers 2

Reset to default
1

Try writing your Ajax data parameters like this

data: {
    'paramdata':paramdata
}

Also, you never actually queried your data.

mysqli_query($mysqli, $sql);

But with the error that you're getting, it's likely because of the ajax data parameters.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks, this solved my problem with getting my data to POST over to the PHP file. My other problem was caused by the automatic Timestamp in my database not having a default value.
0

If you just want to correct your code, replace the AJAX query with this:

$.ajax({
    url: "databaseStuff.php",
    type: "post",
    data: {'paramData': paramData}
});

However, you should not concatenate user input with sql query directly because of SQL injections, I suggest you to use parametrized queries. Here is the PHP manual page with explanation and examples

Improve this answer

1 Comment

XSS attacks is more of a problem on output. On input, what you're probably thinking of, is SQL injection

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.