Ajax and PHP Update

0

I'm having a problem editing the database values. My Script Code:

$(function(){
$(document).on('click', '#salvar_pedido', function(e) {
    e.preventDefault;

    var id = $(this).closest('tr').find('td#id').html();
    var nome = $(this).closest('tr').find('td#nome').html();
    var email = $(this).closest('tr').find('td#email').html();
    var celular = $(this).closest('tr').find('td#celular').html();
    var qtd = $(this).closest('tr').find('td#qtd').html();
    var cor = $(this).closest('tr').find('td#cor').html();
    var tam = $(this).closest('tr').find('td#tam').html();     
    var pag = $(this).closest('tr').find('td select#pagamento option:selected').val();        

    $.ajax({
        type      : 'POST', 
        url       : 'editar_pedido.php', 
        data      : {nome: nome, email: email, celular: celular, tam: tam, cor: cor, qtd: qtd, pag: pag}
    }).done(function(resp){
        alert("Alterado !");
    }).fail(function(jqXHR, resp){
        alert('Erro ao alterar '+ resp);
    }); 
});});

And my PHP:

$host= '';
$bd= '';
$userbd = ''; 
$senhabd= '';

error_reporting (E_ALL & ~ E_NOTICE & ~ E_DEPRECATED);

$conexao = mysqli_connect($host, $userbd, $senhabd, $bd);
mysqli_set_charset($conexao,"utf8");

    $id = $_POST ["id"];  
    $nome = $_POST ["nome"];  
    $email  = $_POST ["email"];   
    $celular  = $_POST ["celular"];   
    $tam  = $_POST ["tam"]; 
    $cor  = $_POST ["cor"]; 
    $qtd = $_POST ["qtd"]; 
    $pag = $_POST ["pag"]; 
    $dahr = strftime('%d de %B de %Y'); 
    mysqli_query($conexao, "UPDATE pedidos SET nome='$nome', email='$email', cel='$celular', tam='$tam', cor='$cor', qtd='$qtd', dahr='$dahr', pag='$pag' WHERE ID='$id'");
    mysqli_close($conexao);

But it does not change; however, if I declare the values in PHP, it makes the change. Are there any mistakes I'm not seeing?

    
asked by anonymous 06.08.2017 / 22:28

1 answer

0

To be honest, your code is bad, vulnerable to SQL injection, with no verification in the POST indexes using closest.

First of all, I advise you to use PDO or MySQLi.

Try to save your data in a hidden element; a brief example:

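// Escape the values so quotes or markup in them cannot break out of the attribute.
echo '<input type="hidden" name="pedidoID" value="' . htmlspecialchars($pedidoID, ENT_QUOTES, 'UTF-8') . '">';
echo '<input type="hidden" name="pedidoName" value="' . htmlspecialchars($pedidoNome, ENT_QUOTES, 'UTF-8') . '">';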

[.. etc ..]

In your jQuery, try to capture them this way:

$('input[name=pedidoID]').val();
$('input[name=pedidoName]').val();

Check in PHP whether the indexes exist and filter them, for example:

// isset() guards against a missing index. FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$produtoName = isset($_POST['produtoName']) ? filter_var($_POST['produtoName'], FILTER_SANITIZE_STRING) : NULL;

$produtoCor = isset($_POST['produtoCor']) ? filter_var($_POST['produtoCor'], FILTER_SANITIZE_STRING) : NULL;

Extra

Always protect your ajax pages because you should not trust the user. READ MORE.

    
07.08.2017 / 00:06
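
An added example (not the asker's or the answerer's code) of what the answer recommends for editar_pedido.php: check that every POST index exists, then run the UPDATE through a PDO prepared statement. It assumes the column names from the question's query; the helper name atualizarPedido is hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database (assumption);
// with MySQL only the PDO DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pedidos (ID INTEGER PRIMARY KEY, nome TEXT, email TEXT,
            cel TEXT, tam TEXT, cor TEXT, qtd INTEGER, dahr TEXT, pag TEXT)');
$pdo->exec("INSERT INTO pedidos (ID, nome) VALUES (1, 'Ana'), (2, 'Bruno')"); // constructed rows

// Hypothetical helper: validate the POST array, then update with bound parameters.
function atualizarPedido(PDO $pdo, array $post): array
{
    $campos = ['id', 'nome', 'email', 'celular', 'tam', 'cor', 'qtd', 'pag'];
    foreach ($campos as $c) {
        // $_POST values can be arrays (field[]=...), so require a non-empty string.
        if (!isset($post[$c]) || !is_string($post[$c]) || trim($post[$c]) === '') {
            return ['ok' => false, 'erro' => "missing field: $c"];
        }
    }
    $id  = filter_var($post['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $qtd = filter_var($post['qtd'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $qtd === false) {
        return ['ok' => false, 'erro' => 'id and qtd must be positive integers'];
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'erro' => 'invalid email'];
    }
    // Placeholders keep every value out of the SQL text, whatever characters it holds.
    $stmt = $pdo->prepare('UPDATE pedidos SET nome = :nome, email = :email, cel = :cel,
        tam = :tam, cor = :cor, qtd = :qtd, dahr = :dahr, pag = :pag WHERE ID = :id');
    $stmt->execute([
        ':nome' => trim($post['nome']), ':email' => $post['email'], ':cel' => $post['celular'],
        ':tam' => $post['tam'], ':cor' => $post['cor'], ':qtd' => $qtd,
        ':dahr' => date('Y-m-d H:i:s'), ':pag' => $post['pag'], ':id' => $id,
    ]);
    return ['ok' => $stmt->rowCount() === 1, 'linhas' => $stmt->rowCount()];
}

// Constructed request bodies. The first has no "id" key, like the question's $.ajax data.
$semId = ['nome' => 'Ana', 'email' => 'ana@example.com', 'celular' => '11999990000',
          'tam' => 'M', 'cor' => 'azul', 'qtd' => '2', 'pag' => 'boleto'];
// The second carries an id and a name with an apostrophe, which would end the
// string literal early in the question's concatenated query.
$comAspas = ['id' => '1', 'nome' => "Ana D'Avila"] + $semId;

echo json_encode(atualizarPedido($pdo, $semId)), "\n";
echo json_encode(atualizarPedido($pdo, $comAspas)), "\n";
echo json_encode($pdo->query('SELECT ID, nome FROM pedidos')->fetchAll(PDO::FETCH_ASSOC)), "\n";
```

Returning the validation result to the caller also lets the jQuery `.done()` handler report a rejected request instead of always showing "Alterado !".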