大家好我想在没有页面重新加载的情况下提交表单,这是AJAX看似简单的事情,但我似乎无法对我的数据库进行任何更改。如果AJAX成功,我的javascript中有一个警报设置,并且它似乎每次触发,所以我认为变量确实是从AJAX发出的,但当我得到join.php时,我不要以为它记得,因此不能正确处理。
首先,这是相关的script.js:
$(document).ready(function () {
//----SUBMIT---//
$(".submit").click(function () {
// validate and process form here
$('.error').hide();
var studentEmail = $("input#studentEmail").val();
if (studentEmail == "") {
$("label#studentEmail_error").show();
$("input#studentEmail").focus();
return false;
}
var studentPassword = $("#studentPassword").val();
var parentEmail = $("#parentEmail").val();
var parentPassword = $("#parentPassword").val();
var studentFirstName = $("#studentFirstName").val();
var studentLastName = $("#studentLastName").val();
var studentPhone = $("#studentPhone").val();
var parentFirstName = $("#parentFirstName").val();
var parentLastName = $("#parentLastName").val();
var parentPhone = $("#parentPhone").val();
var dataString = 'studentEmail=' + studentEmail
+ '&studentPassword=' + studentPassword
+ '&parentEmail=' + parentEmail
+ '&parentPassword=' + parentPassword
+ '&studentFirstName=' + studentFirstName
+ '&studentLastName=' + studentLastName
+ '&studentPhone=' + studentPhone
+ '&parentFirstName=' + parentFirstName
+ '&parentLastName=' + parentLastName
+ '&parentPhone=' + parentPhone;
alert(dataString);
$.ajax({
type: "POST",
url: "join.php",
data: dataString,
success: function () {
alert("success");
}
});
return false;
});
});
然后加入.php
if($_POST) {
$studentEmail=$_POST['studentEmail'];
$studentPassword=$_POST['studentPassword'];
$parentEmail=$_POST['parentEmail'];
$parentPassword=$_POST['parentPassword'];
$studentFirstName=$_POST['studentFirstName'];
$studentLastName=$_POST['studentLastName'];
$studentPhone=$_POST['studentPhone'];
$parentFirstName=$_POST['parentFirstName'];
$parentLastName=$_POST['parentLastName'];
$parentPhone=$_POST['parentPhone'];
//create database connection
$connection = mysql_connect("localhost","XXXX","XXXX");
//in case database connection fails
if(!$connection) {
die("Database connection failed: ".mysql_error());
}
else{
//select database to use
$db_select = mysql_select_db("XXXX",$connection);
//in case database selection fails
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
else {
//make sql query
$sql = "INSERT INTO clients (`studentEmail`,
`studentPassword`,
`parentEmail`,
`parentPassword`,
`studentFirstName`,
`studentLastName`,
`studentPhone`,
`parentFirstName`,
`parentLastName`,
`parentPhone`)
VALUES ('".$studentEmail."',
'".$studentPassword"',
'".$parentEmail."',
'".$parentPassword."',
'".$studentFirstName."',
'".$studentLastName."',
'".$studentPhone."',
'".$parentFirstName."',
'".$parentLastName."',
'".$parentPhone."')";
//set results to variables
$result = mysql_query($sql);
//in case query fails
if (!$result) {
die("Database query failed: " . mysql_error());
}
}
}
}
else {
echo "FAIL";
}
答案 0 :(得分:0)
你有一个mysql错误,没有引号:
<强>修正:强>
$sql = "INSERT INTO clients (`studentEmail`, `studentPassword`, `parentEmail`, `parentPassword`, `studentFirstName`, `studentLastName`, `studentPhone`, `parentFirstName`, `parentLastName`, `parentPhone`)
VALUES ('".$studentEmail."', '".$studentPassword"', '".$parentEmail."', '".$parentPassword."', '".$studentFirstName."', '".$studentLastName."', '".$studentPhone."', '".$parentFirstName."', '".$parentLastName."', '".$parentPhone."')";
答案 1 :(得分:0)
尝试将$.post()
调用更改为:
$.ajax({
type: "POST",
url: "join.php",
data: dataString,
success: function(data) {
alert ("Success: "+ data);
}
});
并且,在PHP代码的开头,放置它:
var_dump($_POST);
这样,警报消息将显示从PHP收到的数据。
由于我发现此处没有人看到该代码带来的最大安全风险,我在此处添加:
在将其添加到查询中之前,请确保将每个字符串从帖子传递到mysql_real_escape_string()
!
如果有人将此作为他的电子邮件地址发布了怎么办?:
'); DROP TABLE clients; --
我仔细检查了jQuery.ajax()
和jQuery.post()
的文档。虽然.post()
只是.ajax()
的快捷方式,但它们的语法不同:
jQuery.post( url [, data] [, success(data, textStatus, jqXHR)] [, dataType] )
jQuery.ajax( settings )
(上面也更新了代码)。
试试这个应该“开箱即用”的代码:
JavaScript:
$(document).ready(function(){
$(".submit").click(function() {
$('.error').hide();
var studentEmail = $("input#studentEmail").val();
if (studentEmail == "") {
$("label#studentEmail_error").show();
$("input#studentEmail").focus();
return false;
}
var dataString = {
studentEmail : studentEmail,
studentPassword : $("#studentPassword").val(),
parentEmail : $("#parentEmail").val(),
parentPassword : $("#parentPassword").val(),
studentFirstName : $("#studentFirstName").val(),
studentLastName : $("#studentLastName").val(),
studentPhone : $("#studentPhone").val(),
parentFirstName : $("#parentFirstName").val(),
parentLastName : $("#parentLastName").val(),
parentPhone : $("#parentPhone").val(),
};
$.ajax({
type: "POST",
url: "join.php",
data: dataString,
success: function(data) {
alert ("success: "+ data);
}
});
return false;
});
});
PHP代码
var_dump($_POST);
echo "\n\n"; // Some white space here
if($_POST) {
$connection = mysql_connect("localhost","XXXX","XXXX");
if(!$connection) {
die("Database connection failed: ". mysql_error());
}
if (!mysql_select_db("XXXX",$connection)) {
die("Database selection failed: " . mysql_error());
}
// Read data from POST
$studentEmail = mysql_real_escape_string($_POST['studentEmail']);
$studentPassword = mysql_real_escape_string($_POST['studentPassword']);
$parentEmail = mysql_real_escape_string($_POST['parentEmail']);
$parentPassword = mysql_real_escape_string($_POST['parentPassword']);
$studentFirstName = mysql_real_escape_string($_POST['studentFirstName']);
$studentLastName = mysql_real_escape_string($_POST['studentLastName']);
$studentPhone = mysql_real_escape_string($_POST['studentPhone']);
$parentFirstName = mysql_real_escape_string($_POST['parentFirstName']);
$parentLastName = mysql_real_escape_string($_POST['parentLastName']);
$parentPhone = mysql_real_escape_string($_POST['parentPhone']);
$sql = "INSERT INTO clients ".
"(`studentEmail`, `studentPassword`, `parentEmail`, `parentPassword`, ".
"`studentFirstName`, `studentLastName`, `studentPhone`, `parentFirstName`, ".
"`parentLastName`, `parentPhone`) ".
" VALUES ('$studentEmail', '$studentPassword', '$parentEmail', ".
"'$parentPassword', '$studentFirstName', '$studentLastName', ".
"'$studentPhone', '$parentFirstName', '$parentLastName', '$parentPhone')";
$result = mysql_query($sql);
if ($result) {
echo "Database query successful!";
}
else {
die("Database query failed: " . mysql_error());
}
}
答案 2 :(得分:0)
您是否尝试过具有虚拟值的脚本以确保其正常工作。
您可以从sql中删除引号(“”)并替换为'$ variable',它将整个查询转换为字符串。
join.php在同一目录中吗?
您是否在开发人员工具中抛出了跨域错误?如果是这样,您可能必须使用jQuery解决方法。
答案 3 :(得分:0)
只要收到响应,您的警报就会触发实际的PHP代码是否被执行。
我会尝试在你的if($ _ POST)语句之前调用一个'echo“TEST”'语句。继续搞乱这种方法,直到找出你的代码在哪里失败。如果仍未执行POST,请检查join.php的文件路径并确保它位于同一目录中。
另外,您是尝试在本地执行此操作还是将其托管在Web服务器上?
另外请注意,在发布之前,您应该在用户输入上使用encodeURI(..)作为良好做法。
以下是生成数据字符串的重构方法,请考虑:
//create an object
var dataObj = {};
//get inputs from form with id = formID
//for each input, add a property matching the input id to the dataObj and store the value of the field as the value for that property.
$("#formID :input").each( function (this) {
var id = this.attr(id); //might be a bit off
var val = this.val(); //same here
dataObj[id] = encodeURI(val);
});
语法可能有点过时,暂时没有这样做。