I have a slightly frustrating problem...
I'm sending a form value to PHP via AJAX and that seem to work fine.
When I do var_dump in PHP I see my values I can also set a variable and echo it correctly.
However, the line
$prod_id=$_POST['product'];
causes an uncaught type error in the browser.
If I just set the variable with text in PHP everything works fine.
To conclude, this piece of code works fine:
$prod_id=("Slab Skate");
$selected_customers = mysqli_query($link,"SELECT * FROM customers
INNER JOIN cust_products on cust_products.cust_id=id
INNER JOIN products on products.prod_id=cust_products.product_id
WHERE products.prod_name='$prod_id'");
This code causes uncaught typerror:
$prod_id=$_POST['product']
Same SQL statement as above.
If I do
var_dump ($prod_id);
after setting it with $_POST I get:
string(10) "Slab Skate"
My form data in network headers tab of Chrome developer tools say:
product:Slab Skate
I don't get it...
Thanks in advance for any tips.
Update and some clarifications.
The error I get is this: "Uncaught TypeError: Cannot read property 'documentElement' of null" which is a Javascript error coming from a function later in the code. However, since the whole thing works if I "hardcode" the variable instead of setting it from $_POST my assumption was that the error must reside in PHP.
But maybe that's not the case...
What I'm doing is the following: posting a form value to PHP -> use value to select from my_sql and prepare an XML output. So far so good, (I can see the xml output in Chrome dev tools) but then I go back to a javascript to fetch the xml output from my PHP file and then it fails.
When thinking about it, it's rather obvious why it works with a "hardoded" variable and not with the $_POST set one.
So, I see two solutions either set the PHP variable in my_sql or using javascript more intelligently.
Do anyone have a smart solution? I could post all the code, but it's quite long.
Second update:
I solved the issue by writing an xml file to the server instead of trying to download it from the php file. Then my java function can process the xml correctly.
It does work, but I'm not sure how well it scales? It must be better to process the xml output from PHP directly rather then saving it to file first and then process. But, I have no insight on how big the difference is...
/Tim
I wouldn't use SELECT * FROM when using Inner Join if i were you. that would cause all sort of problems , simply give the names of columns.
Related
I'm trying to execute a piece of php code with the php command in the ubuntu terminal. I'm testing it with a sample code that you can find here.
I created a file with the code, calling it welcome.php, and tried executing it with:
php welcome.php
And obviously says there are undefined indexes, because it expects arguments via POST
Obviously I would like to do is to run it with the POST arguments as well. I tried the following:
declare -A _POST
_POST[name]="Sample name"
_POST[email]="sample#mail.com"
Before executing again, but the result still doesn't show. So is there any way I can declare the POST arguments manually in order to achieve loading the html file properly?
----------------- Context, in case it seems relevant -----------------
I'm programming a modest C server for my studies, and among the functionality required, there is executing php scripts. So my idea is to execute whatever command is required and generate the html output in a file that is later read and transmitted. Parsing the arguments as keys and values is not a problem (although yet to be done).
So far I know, you need to create a post request to a server to get the $_POST variable's values. In case you want to generate an HTML file, you can pass values through the argument, process it and return (print) an HTML document.
Here is php code:
$query = Container::get('db_connection')
->prepare('sp_Util_SearchMemberByKeyWord');
$query->bind('szSort', $searchcol, DatabaseTypes::NVARCHAR(100))
->bind('szKeyWord', $searchstr, DatabaseTypes::NVARCHAR(100))
->bind('partnerid', $partnerid, DatabaseTypes::INT)
->bind('hideDisabled', $hideDisabled, DatabaseTypes::INT)
->bind('hideDemo', $hideDemo, DatabaseTypes::INT)
->bind('hideByLmtdAccountManagerUserID',
$hideByLimitedAccountManagerUserID, DatabaseTypes::NVARCHAR(100))
->execute();
I need to see exact values of the params passed into the storing procedure. There is no way I can debug or alter source code. Google Chrome (or any other browser) seems to be only one option. I also got access to the appropriate database. Can I capture those values somehow using built-in Chrome functionality or some advanced features of SQL Management Studio?
P.S. I am not php dev, not at all.
The simplest way to see variables in PHP is using the var_dump(); and exit;
Use it before your code.
For example:
var_dump($searchcol); exit;
I've some strange issues with some php code.
if ($user->userType=='admin'){
If I use the above command, the php engine just stop interpreting and display the code in plain text on my browser. On the other hand if I use the below method it works:
if ($user['userType']=='admin'){
Again here also:
$_SESSION['currentUser']->id
If I use the above code it just displays the rest of code as plain text:
id); // fail user }else{ $authentication="failed"; $noAuthPresentation="loginForm"; }
Why this is happening? It's a big project and I don't want to change every line where there is an occurrence of ->.
Do I need to change some setting somewhere? I'm using WAMP server with php 5.5.12.
Any help ? Thanks!
You're mixing up types, user is an array, and not an object. Something in your php config is doing something strange to your error display it seems. Right click on the page that has the errors, and view source if possible.
Does login.php contain html and php code by chance?
I'm coding an website which must have same functionality as SO. My server use Litespeed, which increase the speed of runing php files.
When I'm trying to send php code in regular form, everything seems to be ok, data being sent to the action file without interpreting the code inside the variable. But when I'm trying to send the same data in comments textareas, with jQuery $.post method, I'm getting Forbidden 403 error. Data is blocked on the road by Litespeed server. I don't know why is happening this, why is $_POST data auto-evaluated when using ajax?
This situation doesn't appear everytime, but just in some cases, for example:
this is a new message which presents this php code: <?php mysql_query("SELECT * FROM my_table"); ?>
Note that if I remove <?php and ?> from my message, it is ok. I've already tried to use encodeURI() method but this don't change anything.
Is there any setting which must be applied in .htaccess for not auto-evaluate $_POST data?
or I should replace the open and close tags, before sending the comment?
Later edit
This is how I managed to resolve this right now, but I'm still waiting for a suggestion with .htaccess:
$but.prev('textarea').val().replace(/(<\?php)/gi,'-?php ').replace(/(<\?)/gi,'-? ').replace(/\?>/gi,' ?-');
and on the server side
str_replace(array('-?php','?-','-?'), array('`<?php','?>`','`<?'), $_POST['comment']);
I'm working with a very simple mock-up application to query a DB and display the results on a map. The application sends a GET httprequest to a server which returns a serialized array of value. The basic structure of the httprequest is:
httpRequest.open("GET","handle-query.php?query=" + queryJs)
and, on the other side:
$queryPhp = $_GET["query"];
When the query looks like this...
["SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Centre'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Kara'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Maritime'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Plateaux'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%region='Savanes'"]
...then it is passed to the server properly, and generates a response. However, when the query looks like this...
["SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Sotouboua'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Tchamba'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Tchaoudjo'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Assoli'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Bassar'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Bimah'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Doufelgou'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Keran'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Kozah'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Golfe'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Lacs'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Vo'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Yoto'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Zio'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Amou'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Haho'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Kloto'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Ogou'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Wawa'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Oti'", "SELECT%SUM(commit)%FROM%financialdata%WHERE%prefect='Tone'"]
...then the server receives an empty string. Both of the strings are generated by the same function, and both work perfectly on my virtual server (WAMP). If anyone has any ideas it would be greatly appreciated.
(P.S. After reading I realize that I should be using a framework with better sanitization, etc., but this is just a demo that will need to live online for maybe 2 hours, and it would be better to fix this small thing than start over. It works perfectly on my localhost.)
To actually answer your question, you're sending a get parameter as query (handle-query.php?query=) and then pulling it off as queryJS (queryJs).
$_GET['query'] // instead of $_GET['queryJs']
should do it.
(And as everyone has pointed out, don't send SQL in the clear or otherwise over the wire, unless you plan on not actually executing the SQL, and you just like to advertise your db structure, maybe it is that pretty.)