Home/ Questions/Q 6792229
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T17:56:37+00:00

I have a page that I use AJAX to save some data in a

  • 0

I have a page that I use AJAX to save some data in a DB. As below, when I click on the button, it posts data to add-to-db.php

My problem is that I used numbers instead of values for my testings and worked. Now that I have to make use of variables it does not.
I guess I have to post the values of $dealid and $myid but how can I do this?

Thank you.

in my product.php I have this

<script>
$(function(){
    $("#JqPostForm").submit(function(e){
       e.preventDefault();   

        $.post("add-to-db.php",
        function(data){

            $("#message_post").html("Thank you");


        });
    });

});
</script>

$dealid = (int)$_GET["id"];
$myid = $_SESSION['SESS_MEMBER_ID'];

and in the add-to-db.php I have this query but it does not save in DB

$query = "INSERT INTO reverse_relations (user_id, product_id, ip) VALUES ('$_SESSION['SESS_MEMBER_ID']', '$dealid', '$_SERVER[REMOTE_ADDR]')";

however when I added VALUES ('1', '2', '$_SERVER[REMOTE_ADDR]')"; it worked

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First, the variables in the form on product.php need to be sent to add-to-db.php. Right now, no variables are being sent, because none are specified in your $.post() call. To do this, you can:

    $.post("add-to-db.php", $("#myform").serialize(), function (data){
   $("#message_post").html("Thank you");
});

    Once you send the variables off to add-to-db.php, you can read them by accessing the $_POST array, assuming you have register_globals OFF in php.ini, and your field is called dealid

    $query = "INSERT INTO reverse_relations (user_id, product_id, ip) VALUES ('$_SESSION['SESS_MEMBER_ID']', '".$_POST['dealid']."', '$_SERVER[REMOTE_ADDR]')";

    However – do not use this code. You must santize all POST and should sanitize SESSION and SERVER variables in your queries, or you risk the safety of your website.

    $dealid = mysql_real_escape_string($_POST['dealid']);
$sessid = mysql_real_escape_string($_SESSION['SESS_MEMBER_ID']);

    Then use these variables instead in your SQL query:

    $query = "INSERT INTO reverse_relations (user_id, product_id, ip) VALUES ('{$sessid}', '{$dealid}', '$_SERVER[REMOTE_ADDR]')";
    • 0