
Button to trigger jQuery to grab HTML and save to database

I have some jQuery that when you click the save button it triggers a function to grab the HTML matching a selector and post the HTML to save_report.php:

function saveReport() {
  $.post('save_report.php', function(data) {
    $('.report').html(data);
  });
}

$('.save').click(function () {
  saveReport();
});

In save_report.php I want to know how I can then save that string to my db.

$report = $_POST[''];  # <-- not sure how to post

mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

mysql_query("INSERT INTO reports (id, report) VALUES('', $report) ")
  or die(mysql_error());

How do I retrieve the POST value in my PHP file?

Thanks


Couple of things wrong here... The posted code doesn't actually post any data, and the post and html functions are called incorrectly.

So, first I'll grab the html from the .report selector, and store it in a variable. Then I'll post it providing a variable name of 'report'. I added a simple callback that alerts what the web server sends back, which you can remove or change.

function saveReport() { 
  var data = $('.report').html();
  $.post('save_report.php', {'report':data}, function(response) { alert(response); }); 
}  

$('.save').click(function () { saveReport(); }); 

In your PHP, you would be looking for $_POST['report'] which is how I named the data being posted.

You're not sanitizing any of the input, so basically any random hacker could take over your entire database with SQL injection. At a minimum, after getting $_POST['report'], run it through the mysql_real_escape_string() function.


Most likely you need to change your jQuery code to

function saveReport() {
   // .html() with no argument returns the element's current HTML
   $.post('save_report.php', {report: $('.report').html()} );
}

and php to

$report = $_POST['report'];  # <-- not sure how to post

mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("database") or die(mysql_error());

mysql_query("INSERT INTO reports
(id, report) VALUES('', '".mysql_real_escape_string($report)."' ) ") 
or die(mysql_error()); 


Please don't forget to escape the HTML before you put it in your insert query. What you're doing has the potential to go very wrong very fast. I've modified your save_report.php code to fit Fosco's answer. I am now passing the 'optional' $link parameter to all of the mysql_* functions because in general it is a best practice to do so. I've also added some escaping of the value before it is used in your INSERT query; it is important to pass the $link parameter to the mysql_real_escape_string() function so it can properly escape the value.

$report = $_POST['report'];

$link = mysql_connect("localhost", "username", "password") or die(mysql_error());
mysql_select_db("database", $link) or die(mysql_error());

$report = mysql_real_escape_string($report, $link);

mysql_query("INSERT INTO reports (id, report) VALUES('', '{$report}')", $link)
  or die(mysql_error());
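
The point the answers make about escaping, as an added example that is not code from the thread: a prepared statement keeps the posted HTML out of the SQL text entirely, so no escaping step can be forgotten. It assumes PDO and uses an in-memory SQLite table as a stand-in for the MySQL `reports` table (the `mysql_*` functions used above were removed in PHP 7.0); the function names and the sample value are constructed for illustration.

```php
<?php
// Added example, not the thread's code. Assumptions: PDO is available and an
// in-memory SQLite table stands in for the MySQL "reports" table.

function openDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE reports (id INTEGER PRIMARY KEY AUTOINCREMENT, report TEXT NOT NULL)');
    return $pdo;
}

// The question's pattern with quotes added: the value becomes part of the SQL text.
function saveReportConcatenated(PDO $pdo, string $report): void {
    $pdo->exec("INSERT INTO reports (report) VALUES ('$report')");
}

// Placeholder version: the SQL text is fixed and the value is bound separately.
function saveReportPrepared(PDO $pdo, array $post): int {
    if (!isset($post['report']) || !is_string($post['report'])) {
        throw new InvalidArgumentException('missing "report" field');
    }
    $stmt = $pdo->prepare('INSERT INTO reports (report) VALUES (:report)');
    $stmt->execute([':report' => $post['report']]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample value: it closes the string literal and appends a second row.
$posted = ['report' => "<p>Q3</p>'), ('<p>row the client never meant to exist</p>"];

// Concatenation: the single posted value is parsed as two rows.
$pdo = openDb();
saveReportConcatenated($pdo, $posted['report']);
echo "concatenated: ", $pdo->query('SELECT COUNT(*) FROM reports')->fetchColumn(), " rows\n";

// Prepared statement: one row, stored byte for byte as it was posted.
$pdo = openDb();
$id = saveReportPrepared($pdo, $posted);
$stmt = $pdo->prepare('SELECT report FROM reports WHERE id = ?');
$stmt->execute([$id]);
$stored = $stmt->fetchColumn();
echo "prepared: ", $pdo->query('SELECT COUNT(*) FROM reports')->fetchColumn(), " row, ",
     ($stored === $posted['report'] ? "stored verbatim" : "altered"), "\n";
```

The stored value is still untrusted HTML, so it needs output encoding or sanitizing wherever it is later rendered in a page.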