Answer the question
In order to leave comments, you need to log in
A
A
adrenalinruslan2018-03-29 15:24:52
adrenalinruslan, 2018-03-29 15:24:52
Not added to the database?
In general, the problem is this, the entered data in the input via ajax is sent to the query.php file and there this data is sent to the database, but there is one problem, if you enter only numbers in the login and password, then the entry in the database will be added, and if you enter letters, the entry is not added. How to fix ?
$(document).ready(function(){
$('button').click(function(){
$('.box_error').hide();
var login = [];
var password = [];
login = $('#login').val();
password = $('#password').val();
$.ajax({
method: "POST",
url: "../pages/query.php",
data: { login:login, password:password },
beforeSend: function() {
$('button').html('Загрузка...');
},
success: function( msg ) {
if(msg == 'Errors') {
$('.box_error').show();
$('button').html( 'Войти' );
} else {
$('button').html( msg );
}
}
})
});
});Query.php file
<?php
include 'config.php';
$login = $_POST['login'];
$password = $_POST['password'];
$query = 'INSERT INTO `users`(`email`, `password`) VALUES ('.$login.', '.$password.')';
mysqli_query($link, $query);
exit("Finish 1");config.php file
<?php
$link = mysqli_connect("localhost", "root", "", "test"); 3 answer(s)
@Sanovskiy
@Eridani
@alexalexes
First, never, under any circumstances, glue the query string with the addition of input parameters that have not been escaped using sql notation. We glued an unchecked parameter to the query string (and even more so that came directly from the client) - consider that you subscribed to sql injection.
Adequate parameter substitution occurs only if the query is properly prepared by the
mysqli_prepare() and mysqli_stmt_bind_param() functions.
To obtain data from the database, you need the "correct culture" of communicating with it.
The correct culture means:
1. After trying to connect, you need to check whether it took place.
2. Before executing a query, its text must be prepared using the prepare function.
3. If there are input parameters, then bind them to the request using the bind function.
4. Start execution by the execute function;
5. Get the result of the request using the fetch function;
6. Close the statement or completely close the connection.
These paragraphs do not yet have steps for working with transactions, but if this minimum is present, then you are already adequately carrying out the process of communicating with the DBMS.
In your case, you need to check if the connection has taken place. Otherwise, there is no point in sending requests.
Here is an example where the process of interaction with the DBMS is more or less correctly described (taken from www.php.su/mysqli_stmt_bind_param ):
S
Sanovskiy, 2018-03-29 @Sanovskiy
What's in the logs? What's in the console? Press F12 and see the server response.
And don't use constructs like url: "../pages/query.php",
Always specify an absolute address.
A
Anton, 2018-03-29 @Eridani
And what are the types of these fields in your database, Int? If it is, then it's clear, change to varchar
A
alexalexes, 2018-03-29 @alexalexes
$query = 'INSERT INTO `users`(`email`, `password`) VALUES ('.$login.', '.$password.')';First, never, under any circumstances, glue the query string with the addition of input parameters that have not been escaped using sql notation. We glued an unchecked parameter to the query string (and even more so that came directly from the client) - consider that you subscribed to sql injection.
Adequate parameter substitution occurs only if the query is properly prepared by the
mysqli_prepare() and mysqli_stmt_bind_param() functions.
To obtain data from the database, you need the "correct culture" of communicating with it.
The correct culture means:
1. After trying to connect, you need to check whether it took place.
2. Before executing a query, its text must be prepared using the prepare function.
3. If there are input parameters, then bind them to the request using the bind function.
4. Start execution by the execute function;
5. Get the result of the request using the fetch function;
6. Close the statement or completely close the connection.
These paragraphs do not yet have steps for working with transactions, but if this minimum is present, then you are already adequately carrying out the process of communicating with the DBMS.
In your case, you need to check if the connection has taken place. Otherwise, there is no point in sending requests.
Here is an example where the process of interaction with the DBMS is more or less correctly described (taken from www.php.su/mysqli_stmt_bind_param ):
<?php
$link = mysqli_connect('localhost', 'my_user', 'my_password', 'world');
/* check connection */
if (!$link) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$stmt = mysqli_prepare($link, "INSERT INTO CountryLanguage VALUES (?, ?, ?, ?)");
mysqli_stmt_bind_param($stmt, 'sssd', $code, $language, $official, $percent);
$code = 'DEU';
$language = 'Bavarian';
$official = "F";
$percent = 11.2;
/* execute prepared statement */
mysqi_stmt_execute($stmt);
printf("%d Row inserted.\n", mysqli_stmt_affected_rows($stmt));
/* close statement and connection */
mysqli_stmt_close($stmt);
/* Clean up table CountryLanguage */
mysqli_query($link, "DELETE FROM CountryLanguage WHERE Language='Bavarian'");
printf("%d Row deleted.\n", mysqli_affected_rows($link));
/* close connection */
mysqli_close($link);
?>
Similar questions
M
S
A
P
H
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question