0

I have a form that has a select box of months in the year which upon selection of any month should display all the days in that month on the same page. I have tried to use ajax to achieve this but somehow I am not getting any result. When I view the page I call via ajax directly, I get the intended result there. Cant figure out why the main page is not displaying the result.

Main Page

 <form method="post" action="" name="form_cal" id="form_cal">
    <div>
        <span><label class="h5"><strong>Month for Screening</strong></label></span>
        <span>                          
            <select name="month" id="month" value="" tabindex="1" aria-hidden="true" required style="height:50px;display: block;padding:10px;" class="h5">
                <option value="" selected="selected">- Select One -</option>
                <option value="1">January</option>
                <option value="2">Febuary</option>
                <option value="3">March</option>
                <option value="4">April</option>
                <option value="5">May</option>
                <option value="6">June</option>
                <option value="7">July</option>
                <option value="8">August</option>
                <option value="9">September</option>
                <option value="10">October</option>
                <option value="11">November</option>
                <option value="12">December</option>
            </select>
        </span>
    </div>
</form>
<div id="calendar-display"></div>

The JS

<script type='text/javascript'>
$(document).ready(function(){ 
  var timer = null; 
  var dataString; 
  function submitForm(){
      $.ajax({ type: "POST",
                url: "calendar-action.php",
                data: dataString,
                success: function(result){
                    $('#calendar-display').php(result);
                }
      });
      return false;
  }
  $('#month').on('change', function() {
     clearTimeout(timer);
     var month = $(this).val();
     dataString = 'month='+ month;
     timer = setTimeout(submitForm, 050);
 });
});

Then the page called by ajax in PHP

<?php 
if($_POST){

        date_default_timezone_set('Africa/Lagos');
        $date = date('Y-m-d H:i:s');
        $ucimslots = "25";
        $curyear = date("Y");
        $month = mysqli_real_escape_string($connQlife, $_POST['month']);
        $day = date('j');
        $daysinmonth = date('t',mktime(0,0,0,$month,1,$curyear));
        //$daysleftinmonth = $daysinmonth - $day;
}
?>

        <div id="calendar-display">
        <?Php for($day = 1; $day <= $daysinmonth; $day++){ ?>
        <div class="calendarcont">
            <div class="calendarheadercont">
                <div class="calendarday"><?Php echo date("l", mktime(0, 0, 0,$month,$day,$curyear)); ?></div>
                </div>
                <div class="clear_1"></div>
                <div class="calendarsubcont">
                    <div class="calendardatecont">
                        <div class="calendarmonth"><?Php echo date("M", mktime(0,0,0, $month,$day,$curyear)); ?></div>
                        <div class="calendardate"><?Php echo date("j", mktime(0,0,0,$month,$day,$curyear)); ?></div>
                 </div>
                 <div class="calendartextcont">
                     <div class="calendartext">Available slots: <?Php echo $availableslots; ?></div>
                 </div>
             </div>                                         
          </div>
        <?Php } ?>                   
        </div>
barbsan
  • 3,238
  • 11
  • 18
  • 27
Michael Agbogidi
  • 37
  • 6
  • Why do you use `mysqli_real_escape_string`? – Dharman Jun 05 '19 at 10:40
  • @Dharmanthis is part of a lager project i am working on. there is still going to be database entry for month. S im just guarding against sql injections – Michael Agbogidi Jun 05 '19 at 13:30
  • That is not the proper way of guarding against SQL injections, don't use it! See this post: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Dharman Jun 05 '19 at 13:32
  • @DharmanYes i am using prepared statements. But if i get you right, are you saying i dont nedd to escape the input bfore outing it in the prepared statement? – Michael Agbogidi Jun 05 '19 at 13:38
  • If you use parameters and binding the data then no. If you are just putting it into SQL string, then nothing will protect you. – Dharman Jun 05 '19 at 13:40
  • @DharmanYes i use parameters. I had always escaped as well. Okay something learnt today. Thanks. – Michael Agbogidi Jun 05 '19 at 13:42

1 Answers1

1

In your JavaScript, you try make a php() function call, which is invalid:

$('#calendar-display').php(result);

Instead you should be using html():

$('#calendar-display').html(result);

Gary Thomas
  • 2,147
  • 1
  • 7
  • 19
  • oh shit. Thanks @Gary Thomas im writing the page as a php page and typed php in there. Thanks for pointing that out. It now works fine. – Michael Agbogidi Jun 05 '19 at 10:31