AJAX syntax: Is this the way to do it?
I am trying to use AJAX to check if a user already exists in my database. For simplicity's sake I'll just c开发者_如何学Goheck firstname and lastname for now. Here is what I got:
The .php file with the form and the JavaScript error handling:
$.get('verify_unique.php',{firstname:frm.add_fd2.value, lastname:frm.add_fd3.value},function(data){
if (data.matches>0){
var num_rows='1';
}else{
var num_rows='0';
}
}, "json");
function check(frm) {
var szAlert = "Invalid\n";
var nIndex = 0;
if (num_rows > 0) {
nIndex++;
szAlert += "- " +"This name already exists "+num_rows +" times\n";
}
if (!RequiredField(frm.add_fd1.value)) {
nIndex++;
szAlert += "- " +"'Title' cannot be blank\n";
}
etc
The file verify_unique.php:
// DATABSE PARAMETERS
$link = @mysql_connect($host,$user,$passwd);
$database=mysql_select_db($db);
$firstname=$_GET['firstname'];
$lastname=$_GET['lastname'];
$result=mysql_query('SELECT * FROM organisations WHERE FirstName="'.$firstname.'" AND LastName="'.$lastname.'"', $link);
header('Content-Type: application/json');
echo '{matches:'.mysql_num_rows($result).'}';
?>
When I submit the form, not only doesnt it return my AJAX warning, it also skips my javascript checks. Unfortunately it doesn't throw any errors. Can someone see where I went wrong?
Thanks Marius
EDIT: CURRENT SITUATION:
$.get('verify_unique.php',{firstname:frm.add_fd2.value, lastname:frm.add_fd3.value},function(data){
if (data.matches>0){
var num_rows='1';
}else{
var num_rows='0';
}
}, "json");
Debugger: frm is not defined. frm is the name of the only form on this page, which can be called by javascript to perform sanity checks no problem. Nothing changed in the verify_unique.php file
DANGER:
$result=mysql_query('SELECT * FROM organisations WHERE FirstName="'.$firstname.'" AND LastName="'.$lastname.'"', $link);
This is an invitation to SQL Injection attacks! You need to escape the firstnames and lastnames before you send them in to SQL.
加载中,请稍侯......
精彩评论