PeterErhard
asked on
Saving form data using ajax, etc
I've been trying to find some examples on how to save form data to a mysql database with javascript & php but am really struggling to find any step by step good tutorials on what to do.
I found this one:
http://woork.blogspot.com/2007/10/insert-record-into-database-using-ajax.html
but it seems from the comments that it's open to hacking and it's over 4 years old now.
I also found this one:
http://www.myphpetc.com/2010/01/save-to-database-via-ajax-using-jquery.html
but I don't like how it goes to Google to get its javascript. If Google remove that link, then my script would be done which I obviously wouldn't want.
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
<script type="text/javascript">
google.load("jquery", "1.4");
</script>
I found this one:
http://woork.blogspot.com/2007/10/insert-record-into-database-using-ajax.html
but it seems from the comments that it's open to hacking and it's over 4 years old now.
I also found this one:
http://www.myphpetc.com/2010/01/save-to-database-via-ajax-using-jquery.html
but I don't like how it goes to Google to get its javascript. If Google remove that link, then my script would be done which I obviously wouldn't want.
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
<script type="text/javascript">
google.load("jquery", "1.4");
</script>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>>I found this one:
>>http://woork.blogspot.com/2007/10/insert-record-into-database-using-ajax.html
>>but it seems from the comments that it's open to hacking
OK, but to address that issue, just make sure that every value that you are sending FROM the client/browser destined TO the db gets escaped with mysql_real_escape_string() :
On that tutorial
$url= $_GET['site_url'];
$sitename= $_GET['site_name'];
would become:
$url= mysql_real_escape_string($ _GET['site _url'] );
$sitename= mysql_real_escape_string($ _GET['site _name']);
In case it's not obvious, you will also need a file named "config.php" which will basically have the following:
<?php
//be sure to fill the following four variables. If you are running PHP AND mysql
//on the same machine, then set $DB_SERVER to localhost
$DB_SERVER="";
$DB_USERNAME="";
$DB_PASSWORD="";
$DB_NAME="Your Database name goes here";
mysql_connect($DB_SERVER,$ DB_USERNAM E, $DB_PASSWORD) or die( mysql_error() );
mysql_select_db($DB_NAME) or die( mysql_error() );
?>
>>I also found this one:
>>http://www.myphpetc.com/2010/01/save-to-database-via-ajax-using-jquery.html
>>but I don't like how it goes to Google to get its javascript
That shouldn't be a problem at all. Typically, its expected for you (the tutorial reader) to download a copy of the JS file to your own machine and link your page to YOUR own copy of the js file.
BTW: that snippet of code that links to google server is used to simply "import" a copy of the jquery library. So you can just go to jquery.com and download your own copy of jquery.
>>http://woork.blogspot.com/2007/10/insert-record-into-database-using-ajax.html
>>but it seems from the comments that it's open to hacking
OK, but to address that issue, just make sure that every value that you are sending FROM the client/browser destined TO the db gets escaped with mysql_real_escape_string()
On that tutorial
$url= $_GET['site_url'];
$sitename= $_GET['site_name'];
would become:
$url= mysql_real_escape_string($
$sitename= mysql_real_escape_string($
In case it's not obvious, you will also need a file named "config.php" which will basically have the following:
<?php
//be sure to fill the following four variables. If you are running PHP AND mysql
//on the same machine, then set $DB_SERVER to localhost
$DB_SERVER="";
$DB_USERNAME="";
$DB_PASSWORD="";
$DB_NAME="Your Database name goes here";
mysql_connect($DB_SERVER,$
mysql_select_db($DB_NAME) or die( mysql_error() );
?>
>>I also found this one:
>>http://www.myphpetc.com/2010/01/save-to-database-via-ajax-using-jquery.html
>>but I don't like how it goes to Google to get its javascript
That shouldn't be a problem at all. Typically, its expected for you (the tutorial reader) to download a copy of the JS file to your own machine and link your page to YOUR own copy of the js file.
BTW: that snippet of code that links to google server is used to simply "import" a copy of the jquery library. So you can just go to jquery.com and download your own copy of jquery.
hmmm
You need to complete some steps:
1. Create a javascript function that access the php file
You can use this function:
2. In your php file you can read variable
You can transmit morevariable to php.
3. For save to database in php read php docummentation on php.org, or ask.com
You need to complete some steps:
1. Create a javascript function that access the php file
You can use this function:
function saveindatabase(your_variable){
jQuery.ajaxSetup({async:false});
var file='';
file='your_file.php?code='+your_variable;
jQuery.get(file,function(fileContents){
//you can execute a javascript code here ex: alert or ....
});
jQuery.ajaxSetup({async:true});
}
2. In your php file you can read variable
code: $myvar=$_GET['code'];
You can transmit morevariable to php.
3. For save to database in php read php docummentation on php.org, or ask.com
ASKER
Thanks a lot :)
http://www.sitepoint.com/ajax-jquery-2/