<script type="text/javascript">
        function signup() {
            var url = "process/sign-up-process.php?" + $("#signup-form").serialize();
            //                alert(url);
            $.get(url, function (data, status) {
                alert(data);
            });
        }
</script>

Page: process/sign-up-process.php code goes below

<?php
require_once('connection.php');

$full_name = filter_input(INPUT_GET, 'full_name', FILTER_SANITIZE_STRING);
$email = $_GET['email'];
$email = filter_var($email, FILTER_VALIDATE_EMAIL);
$user_password = filter_input(INPUT_GET, 'user_password', FILTER_SANITIZE_STRING);

$query = "INSERT INTO registered_users_list (full_name, email, user_password) VALUES ('$full_name', '$email', '$user_password')";
$query1 = mysqli_query($conn, $query);

$count = mysqli_affected_rows($conn);
if($count == 1){
    echo "Signed up";
}else{
    echo "Sorry";
}

?>

The problem is in the "process/sign-up-process.php" page: when I comment out the query code and

echo "Some Random Text"

then the

alert(data)

works. But when I try to run the INSERT query, it doesn't work. I think the error must be in the PHP improved, i.e. mysqli, string.

Nitesh Garg
  • You are vulnerable to [sql injection attacks](http://bobby-tables.com). You are simply assuming that your queries will never fail. You also don't check if your "form" was properly filled out, and simply try to stuff whatever was received into the db, even if nothing or garbage was received. – Marc B Jul 14 '16 at 18:54
  • Actually I have used "filter_input()" in the actual code and forgot to mention it here – Nitesh Garg Jul 14 '16 at 18:55
  • Irrelevant. `'` is a valid char in an email address, and will KILL your query. And sanitized_string doesn't help with SQL injection either. You effectively have NO database security. – Marc B Jul 14 '16 at 18:56
  • Have you looked in your logs? `display_errors` on? Checked for mysql errors? Checked the sql itself with the values from the form? – empiric Jul 14 '16 at 18:57
  • So what else can I use? – Nitesh Garg Jul 14 '16 at 18:57
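
A sign-up handler that addresses the three points raised in the comments above (SQL built by string interpolation, unchecked query failures, unvalidated form data), as an added example that is not part of the original thread. It assumes `connection.php` defines `$conn` as in the question and that the `user_password` column is wide enough for a `password_hash()` value; hashing the password is an addition the thread does not discuss.

```php
<?php
// Added example, not the asker's code. Assumes connection.php defines
// $conn (a mysqli connection), as in the question.
require_once('connection.php');

// Make mysqli throw on failure instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Read via GET only because the question's signup() uses $.get.
$full_name = trim((string) filter_input(INPUT_GET, 'full_name'));
$email     = filter_input(INPUT_GET, 'email', FILTER_VALIDATE_EMAIL);
$password  = (string) filter_input(INPUT_GET, 'user_password');

// Reject missing or malformed input before touching the database.
// filter_input() gives null for an absent field, false for a failed filter.
if ($full_name === '' || $email === null || $email === false || $password === '') {
    http_response_code(400);
    exit('Invalid form data');
}

try {
    // Placeholders keep the values out of the SQL text, so a quote in an
    // address such as o'brien@example.com cannot break the statement.
    $stmt = mysqli_prepare(
        $conn,
        'INSERT INTO registered_users_list (full_name, email, user_password)
         VALUES (?, ?, ?)'
    );
    // Store a hash, not the password (assumes the column fits the hash).
    $hash = password_hash($password, PASSWORD_DEFAULT);
    mysqli_stmt_bind_param($stmt, 'sss', $full_name, $email, $hash);
    mysqli_stmt_execute($stmt);

    echo mysqli_stmt_affected_rows($stmt) === 1 ? 'Signed up' : 'Sorry';
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; send only a generic message to the client.
    error_log('sign-up insert failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Sorry';
}
```

With the question's `signup()` as written, the 400 and 500 responses do not reach the `$.get` success callback, so the client needs a failure handler to display them.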

1 Answer


I can bet $10 that the page you are requesting returns an error instead of text. In Chrome, before sending the AJAX request, press F12 and go to the Network tab. Click on the Clear sign to clear all entries if needed. Then when the AJAX call proceeds, check out the response. It's most probably a mysqli error page (Chrome dev console screenshot: http://image.prntscr.com/image/84e59bfb9caf4c9b9dcf8b5f79844176.png )

Probably even better: Request Monitoring in Chrome

A great tutorial if you don't know what I am talking about: https://www.youtube.com/watch?v=AXGB4tIRNgM

Community
Hop hop
  • No, actually the records are saving in the database successfully, but echo "Signed up"; is not working. – Nitesh Garg Jul 15 '16 at 05:14
  • And if the page I am requesting returns an error instead of text, then the content must not be uploaded to the database, but it does so – Nitesh Garg Jul 15 '16 at 05:48