0

I ran into an issue for which I cannot find the answer. I rarely ask questions here, but I am rather stumped. Any assistance shall be appreciated.

This is the PHP that receives the Ajax call.

    <?php
        session_start();
        $_SESSION["my_data"] = $_POST['action'];

        $DB_HOSTNAME = 'localhost';
        $DB_USERNAME = 'username';
        $DB_PASSWORD = 'password';

        $link2 = mysqli_connect($DB_HOSTNAME,$DB_USERNAME,$DB_PASSWORD) or die('Unable to establish a DB1 connection');
        mysqli_select_db($link2, '$DB_USERNAME');

        $orderQuery = mysqli_query($link2, "SELECT * FROM table WHERE id='".$_SESSION['my_data']."'");
        $orderQuery = mysqli_fetch_assoc($orderQuery);

        $orderInfo = "
            <table class='table table-striped'>
            <tbody>
                <tr>
                    <td>#: </td>
                    <td>". $_SESSION['my_data'] ."</td>
                </tr>
                <tr>
                    <td> Full name: </td>
                    <td>". $orderQuery['firstname'] . " " . $orderQuery['lastname'] ."</td>
                </tr>
                <tr>
                    <td> Address: </td>
                    <td> ". $orderQuery['shipping_address_1'] ."<br> ". $orderQuery['shipping_city'] . " " . $orderQuery['shipping_zone'] . " " . $orderQuery['shipping_postcode'] ." </td>
                </tr>
                <tr>
                    <td> Card Expiry Date Month: </td>
                    <td> 08 </td>
                </tr>
            </tbody>
        </table><br>
        ";

        echo $orderInfo/* . $_POST['action']*/;   ?>

And this is the script that makes the call.

    <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js"></script>
    <script>
    var myWindow;

    function myFunction() {
        myWindow = window.open('', '_blank');
        myWindow.document.write("<link rel='stylesheet' type='text/css' href='stylesheet.css'>");

        var orderNum;
        orderNum = document.getElementsByClassName('summary_value')[0].innerHTML;
        orderNum = orderNum.replace("#", "");

        $.ajax({
            type: 'POST',
            data: {'action': orderNum},
            url: 'process.php',
            success: function (data) {
                myWindow.document.write(data);
            },
            error: function (xhr) {
                alert("error");
            }
        });

        myWindow.document.write("<br>");
        myWindow.document.write(document.getElementById("payInfor").innerHTML);
    }
    </script>
    <button onclick='myFunction()' class="btn btn-default">Print Pay Info</button>

It could be a simple issue, but I can't see it.

I know the Ajax is working because it displays some of the information ($_SESSION['my_data']), so I am thinking it's something with my SQL statements, but the syntax looks correct.

4
  • What errors do you face? Commented Sep 14, 2017 at 5:47
  • 1
    mysqli_select_db($link2, '$DB_USERNAME'); when you have single quotes, it'll not be a variable, but that exact string instead. Then, enable error-reporting for PHP and check the console for any JS errors, get MySQLi to tell you about any errors there using mysqli_error() (or set MySQLi to throw exceptions). Debugging by getting the errors the script throws back at you is always the first stop! Then you should use parameterized queries, you already have an API that supports it. Commented Sep 14, 2017 at 5:54
  • 1
    SQL injection vulnerabilities on a site that takes credit card payments? Wow Commented Sep 14, 2017 at 6:08
  • @andrew I add cleanup and security once the code is functional. Also this page is protected by an admin password and the people who do have access aren't tech savvy enough to know what SQL injection is. Thank you for taking note of that though. Commented Sep 14, 2017 at 16:02

3 Answers

2

At first glance I think that mysqli_select_db($link2, '$DB_USERNAME'); here is the error.

It must be mysqli_select_db($link2, $DB_USERNAME); or mysqli_select_db($link2, $DB_NAME);


2 Comments

A variable inside quotes will act as a variable, so that does not seem to be an error
That's for double quotes; these are single quotes
1

mysqli_select_db() expects parameter one to be the connection and parameter two to be the database name. In your case you are passing '$DB_USERNAME'. So your code will look to connect to database named '$DB_USERNAME' because of the single quotes. Change it to the database name instead. Either $DB_NAME or 'database_name' should work. While in development mode, try enabling error_reporting(E_ALL) to catch errors like this.
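
The advice from the comments and this answer combined into one version of process.php (real database name, errors surfaced as exceptions, a parameterized query, escaped output), as an added example that is not code from the original post or its answers. The table name `orders`, the digits-only rule for order numbers, and the helper names `h()` and `render_order()` are assumptions; `database_name` is the placeholder used in the answer above.

```php
<?php
// Added example: hardened sketch of process.php. Credentials, database name
// and the table name `orders` are placeholders, not values from the post.
declare(strict_types=1);

error_reporting(E_ALL);
// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function h(?string $value): string
{
    // Escape for HTML so stored data cannot inject markup into the new window.
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

function render_order(mysqli $db, string $orderId): string
{
    // Assumption: order numbers are digits only; reject anything else early.
    if (!ctype_digit($orderId)) {
        return '<p>Invalid order number.</p>';
    }
    // The ? placeholder keeps the value out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT firstname, lastname, shipping_address_1, shipping_city,
                shipping_zone, shipping_postcode FROM orders WHERE id = ?'
    );
    $stmt->bind_param('s', $orderId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() needs mysqlnd
    if ($row === null) {
        return '<p>Order not found.</p>';
    }
    return "<table class='table table-striped'><tbody>"
        . '<tr><td>#: </td><td>' . h($orderId) . '</td></tr>'
        . '<tr><td>Full name: </td><td>' . h($row['firstname']) . ' ' . h($row['lastname']) . '</td></tr>'
        . '<tr><td>Address: </td><td>' . h($row['shipping_address_1']) . '<br>'
        . h($row['shipping_city']) . ' ' . h($row['shipping_zone']) . ' ' . h($row['shipping_postcode']) . '</td></tr>'
        . '</tbody></table><br>';
}

try {
    // The fourth argument selects the database; no mysqli_select_db() call needed.
    $db = new mysqli('localhost', 'username', 'password', 'database_name');
    $db->set_charset('utf8mb4');
    // innerHTML on the client may carry whitespace around the number, so trim it.
    echo render_order($db, trim((string) ($_POST['action'] ?? '')));
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());   // details go to the server log, not the browser
    http_response_code(500);
    echo '<p>Could not load the order.</p>';
}
```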


1

Try to replace this mysqli_fetch_assoc with mysqli_fetch_array

and ($link2, "SELECT * FROM table WHERE id='".$_SESSION['my_data']."'")

with ($link2, "SELECT * FROM table WHERE id=".$_SESSION['my_data']."")

Note: remove the single quotes (' ') for id
