Ajax and PHP Update

I’m having a problem editing the database values. My Script Code:

$(function(){
$(document).on('click', '#salvar_pedido', function(e) {
    e.preventDefault();

    var id = $(this).closest('tr').find('td#id').html();
    var nome = $(this).closest('tr').find('td#nome').html();
    var email = $(this).closest('tr').find('td#email').html();
    var celular = $(this).closest('tr').find('td#celular').html();
    var qtd = $(this).closest('tr').find('td#qtd').html();
    var cor = $(this).closest('tr').find('td#cor').html();
    var tam = $(this).closest('tr').find('td#tam').html();     
    var pag = $(this).closest('tr').find('td select#pagamento option:selected').val();        

    $.ajax({
        type      : 'POST', 
        url       : 'editar_pedido.php', 
        data      : {nome: nome, email: email, celular: celular, tam: tam, cor: cor, qtd: qtd, pag: pag}
    }).done(function(resp){
        alert("Alterado !");
    }).fail(function(jqXHR, resp){
        alert('Erro ao alterar '+ resp);
    }); 
});});

And my PHP:

$host= '';
$bd= '';
$userbd = ''; 
$senhabd= '';

error_reporting (E_ALL & ~ E_NOTICE & ~ E_DEPRECATED);

$conexao = mysqli_connect($host, $userbd, $senhabd, $bd);
mysqli_set_charset($conexao,"utf8");

    $id = $_POST ["id"];  
    $nome = $_POST ["nome"];  
    $email  = $_POST ["email"];   
    $celular  = $_POST ["celular"];   
    $tam  = $_POST ["tam"]; 
    $cor  = $_POST ["cor"]; 
    $qtd = $_POST ["qtd"]; 
    $pag = $_POST ["pag"]; 
    $dahr = strftime('%d de %B de %Y'); 
    mysqli_query($conexao, "UPDATE pedidos SET nome='$nome', email='$email', cel='$celular', tam='$tam', cor='$cor', qtd='$qtd', dahr='$dahr', pag='$pag' WHERE ID='$id'");
    mysqli_close($conexao);

But it doesn’t change; if I declare the values in PHP, it makes the change. Are there errors that I’m not seeing?

  • It’s best to echo the query before it is executed, so you can view the query and run it manually in the database. That should be enough to spot the mistake.

1 answer


To be honest, your code is bad: vulnerable to SQL injection, without checking the indices of POST, using closest.

First of all, I would advise you to use PDO or MySQLi.

Try to save your data in a hidden element; a brief example:

echo '<input type="hidden" name="pedidoID" value="'. $pedidoID. '">';
echo '<input type="hidden" name="pedidoName" value="'. $pedidoNome. '">';

[.. etc ..]

In your jQuery, try to capture them this way:

$('input[name=pedidoID]').val();
$('input[name=pedidoName]').val();

Check in the PHP whether the indexes exist and filter them, for example:

$produtoName = isset($_POST['produtoName']) ? filter_var($_POST['produtoName'], FILTER_SANITIZE_STRING) : NULL;

$produtoCor = isset($_POST['produtoCor']) ? filter_var($_POST['produtoCor'], FILTER_SANITIZE_STRING) : NULL;

Extra

Always protect your Ajax pages, because you should not trust the user. READ MORE.

  • Thanks for the tips. I’m just doing a test; this is not the final code, just for testing. But I found the problem: I forgot to include the id in the ajax data. Thanks.
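
An added example, not part of the original question or answer: a version of editar_pedido.php that binds the values through a mysqli prepared statement and rejects a request with missing fields, which would have reported the absent id directly. The function names, the integer ID column and the connection placeholders are assumptions.

```php
<?php
// Added example, not the asker's or answerer's code. Table and field names
// come from the question; the function names are hypothetical.
declare(strict_types=1);

const CAMPOS = ['id', 'nome', 'email', 'celular', 'tam', 'cor', 'qtd', 'pag'];

/** Expected POST keys that are absent or are not plain strings. */
function campos_ausentes(array $post): array
{
    return array_values(array_filter(
        CAMPOS,
        fn(string $k): bool => !isset($post[$k]) || !is_string($post[$k])
    ));
}

/** UPDATE with bound parameters; returns the number of rows changed. */
function atualizar_pedido(mysqli $db, array $p): int
{
    $id = filter_var($p['id'], FILTER_VALIDATE_INT); // assumes ID is an integer column
    if ($id === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    // Same text as the question's strftime() call under the default C locale.
    $dahr = date('d \d\e F \d\e Y');
    $stmt = $db->prepare('UPDATE pedidos SET nome=?, email=?, cel=?, tam=?,
                          cor=?, qtd=?, dahr=?, pag=? WHERE ID=?');
    $stmt->bind_param('ssssssssi', $p['nome'], $p['email'], $p['celular'],
                      $p['tam'], $p['cor'], $p['qtd'], $dahr, $p['pag'], $id);
    $stmt->execute();
    return $stmt->affected_rows;
}

if (PHP_SAPI === 'cli') {
    // Constructed input shaped like the question's $.ajax data (no "id" key).
    $amostra = ['nome' => "O'Neil", 'email' => 'a@example.com', 'celular' => '1',
                'tam' => 'M', 'cor' => 'azul', 'qtd' => '2', 'pag' => 'pix'];
    echo 'Missing: ', implode(', ', campos_ausentes($amostra)), PHP_EOL;
    exit;
}
$faltando = campos_ausentes($_POST);
if ($faltando) {
    http_response_code(400);            // non-2xx makes jQuery's .fail() run
    exit('Missing fields: ' . implode(', ', $faltando));
}
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
$db = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'); // placeholders
$db->set_charset('utf8');
echo atualizar_pedido($db, $_POST);
```

Run from the command line, the script only exercises the field check on the constructed input; served over HTTP, it performs the update and prints the affected row count.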
