0

I hope this will be the last question I make tonight, this is really getting annoying. I've finally found a way to get this Ajax working to process a HTML form using two separate PHP scripts, it's just the way that will work best for me I guess. I will post all scripts to make it a bit easier to figure out the problem.

Here is the form (messages.php):

<form action="" method="post" id="reply" name="reply">
<div class="form-group">
 <textarea class="form-control" rows="3" cols="80" id="message" name="message" placeholder="Send a reply..."></textarea>
 <input type="hidden" id="conversation_id" name="conversation_id" value="<? echo $co_conversation_id; ?>">
 <input type="hidden" id="sarssystem" name="sarssystem" value="<? echo $sarssystem; ?>">
</div>
<div class="form-group" align="right">

<div class="btn-group" align="left" style="float:left">
  <button type="button" class="btn btn-default btn-sm dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
    <span class="glyphicon glyphicon-cog" aria-hidden="true"></span> <span class="caret"></span>
  </button>
  <ul class="dropdown-menu">
    <li><a href="messages.php?convoid=<? echo $co_conversation_id; ?>&del=check">Delete Conversation</a></li>
    <li><a href="#">Visit Profile</a></li>
    <li><a href="#">Report User</a></li>
    <li role="separator" class="divider"></li>
    <li><a href="#">Change Display Photo</a></li>
  </ul>
</div>

  <button type="reset" class="btn btn-default btn-sm">Cancel</button>
  <button type="submit" id="reply" name="reply" class="btn btn-primary btn-sm" onclick="loadDoc()">Send Message</button>
</div>
</form>

Here is the Ajax (messages.php):

<script>
function loadDoc() {
  $.ajax({
            url: 'system/message_system.php',
            type: 'POST',
            dataType: 'json',
            data: {
                message: 'message',
                conversation_id: 'conversation_id',
                sarssystem: 'sarssystem',
                user_id: 'user_id'
                },
        })
        .done(function() {

            $.ajax({
                url: 'system/sars_system.php',
                type: 'POST',
                dataType: 'json',
                data: {
                    message: 'message',
                    conversation_id: 'conversation_id',
                    sarssystem: 'sarssystem',
                    user_id: 'user_id'
                    },
            })
            .done(function() {
                console.log("success");
            })
            .fail(function() {
                console.log("error");
            })

        })
        .fail(function() {
            console.log("error");
        })
}
</script>

I am using this SAME script as a test on both (system/sars_system.php) and (message_system.php):

require 'db.php';

    $message = $_POST['message'];
    $conversation_id = $_POST['conversation_id'];
    $sarssystem = $_POST['sarssystem'];
    $user_id = $_POST['user_id'];

$usr_message = str_replace("'","\\'",$message);

mysqli_query($conn,"INSERT INTO ap_messages (message_id, message, sender_id, time_sent, time_read, conversation_id) 
VALUES ('','$usr_message','$user_id', NOW(), NOW(), '$conversation_id')");

mysqli_query($conn, "UPDATE ap_conversations SET time = NOW() WHERE conversation_id = '$conversation_id'");
echo json_encode('success');

This works fine and seems to run okay, although I am getting empty results in MySQL where the variable data should be, and I don't know why.

The reason I have used the Ajax in the way I have is because it seemed to be the only option which actually worked for some reason? So I'm not sure if that has anything to do with the problem - please note that I literally have no idea how to use Ajax, I am still learning.

If anyone has any idea why the data isn't posting, it would be great to have your help! Thanks!

Snappysites
  • 815
  • 9
  • 35
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Dec 11 '15 at 19:52
  • If you'll look in your error logs you will see why your queries aren't working, unless you want to add error checking to the queries in your PHP scripts. You're just *assuming* your queries are good. – Jay Blanchard Dec 11 '15 at 19:53
  • Imagine I put `'; DROP DATABASE; --` in the message field!! – worldofjr Dec 11 '15 at 19:53
  • I'm not too worried about SQL injection as I can sort all that out once the script is actually working and I'm not getting any errors, the SQL is just empty where my variables should be? – Snappysites Dec 11 '15 at 20:13
  • To me it looks the typo error for the $message vs $usr_message... – Jas Dec 11 '15 at 20:41

1 Answers1

0

Your INSERT query is referring to "$usr_message"

mysqli_query($conn,
   "INSERT INTO ap_messages (
 message_id, message, sender_id, time_sent, time_read, conversation_id) 
 VALUES ('','$usr_message','$user_id', NOW(), NOW(), '$conversation_id')");

You are reading from the $POST as 

$message = $_POST['message'];

Change the above to 

$usr_message = $_POST['message'];
Jas
  • 336
  • 2
  • 7