Home > Net >  trying to pass data into ajax function, But can't
trying to pass data into ajax function, But can't

Time:11-05

How can I send these two variables into ajax, For using in upload.php page.

That's how I tried.

<?php
    if (!isset($_GET['lcid']) || $_GET['lcid'] == NULL) {
        echo "<script>window.location = 'insurt-documents.php';</script>";
    } else {
        $id = $_GET['lcid'];
    }
  ?>

  var error_images = '';
  var form_data = new FormData();
  var files = $('#multiple_files')[0].files;
  if(files.length > 15)
  {
   error_images  = 'You can not select more than 15 files';
  }
  else ............

But relevant code are...

   var id = "<?php echo $id ?>"; 
   $.ajax({
    url:"upload.php",
    // data: {id, form_data},
    data: {id : id, form_data},
    method:"POST",
    contentType: false,
    cache: false,
    processData: false,
    beforeSend:function(){
     $('#error_multiple_files').html('<br /><label class="text-primary">Uploading...</label>');
    },   
    success:function(data)
    {
     $('#error_multiple_files').html('<br /><label class="text-success">Uploaded</label>');
     load_image_data();
    }
   });

Some code for upload.php

   $id = $_POST['id'];
   $query = "
   INSERT INTO tbl_image (postid, image_name, image_description) 
   VALUES ('".$id."', '".$file_name."', '')
   ";

There are my works, But it doesn't run. Please Someone correct me. Thank You.

CodePudding user response:

data: {id : id, form_data} doesn't really make sense. You shouldn't put a FormData object inside an object which will then be stringified when sent to the server, since you've set processData to false. It will simply output [object Object] to the server (demo: https://jsfiddle.net/qe1o352p/ - watch the Network tool in your browser to see).

To compound that, you haven't even named the formdata property inside the object anyway, so PHP would have no way of finding any of the FormData and putting into the $_POST or $_FILES arrays.

Instead it would make a lot more sense to add the id as a property to the FormData object:

var form_data = new FormData();
form_data.append("id", "<?php echo $id ?>");

...

$.ajax({
    url:"upload.php",
    data: form_data,
...

Demo of working version: https://jsfiddle.net/qe1o352p/1/ (again watch the Network tool and see the difference compared to the original version.)

See also https://stackoverflow.com/a/10811427/5947043 for reference.


P.S. Warning: Your PHP/mysqli code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. Never insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data.

https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the mysqli documentation and this: How can I prevent SQL injection in PHP? . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values.

  • Related