0

I'm a newbie in AJAX.

I looked for the solution in Google, but I didn't find a working solution.

So, I want to send data from a jquery's draggable div to sql via php.

index.html :

<html>
[...]
<body>
<myDiv>bla bla</div>

<script>
$( "myDiv" ).draggable({ stop: function() {
var position = $(this).position();
var xPos = $(this).css('left');

$.ajax({
      type: "post",
      url: "update.php",
      data: xPos,
      cache: false,
      }
}
});

</script>

</body>
</html>

update.php :

   <?php 
    require("db.php");

             $xpos = $_POST['xPos'];
             mysql_query("UPDATE item SET pos_x = '" . $xpos . "' WHERE ID = '". $post_ID."'");

        mysql_query($query) or die('Error, insert query failed');
    }
    ?>​

db.php :

  <?php
    $dbhost              = "**";
    $dbuser              = "**";
    $dbpass              = "**";
    $dbname              = "**";

    $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ("Error connecting to mysql");
    mysql_select_db($dbname);
    ?>​

Could someone tell me where I'm wrong?

Improve this question
5
  • The pronoun "I" is always capitalised in English. What is the problem? Why do you think something is "wrong"? What happens when you run your code? Commented May 9, 2011 at 10:57
  • Your update.php contains a syntax error; why is } there? You also have no SQL injection prevention whatsoever; why not? Commented May 9, 2011 at 10:58
  • i smell sql injection. i hope you have magic_quotes_gpc on [to make this clear: i don't encourage anyone to use magic_quotes_gpc instead of proper programming] Commented May 9, 2011 at 10:59
  • 1
    @lawl0r: It's 2011. I hope that nobody has magic_quotes_gps on. Commented May 9, 2011 at 10:59
  • You're also missing ); after the braces on the cache: false line in your js. And where is $post_ID defined in your php? Commented May 9, 2011 at 11:02

1 Answer 1

Reset to default
1

You need to supply a named attribute for $_POST['xPos'] to work. Change this in your ajax call:

$.ajax({
      type: "post",
      url: "update.php",
      data: xPos, // Change this to --> data: 'xPos=' + xPos,
      cache: false,
      }
} // <-- get rid of this
});

Few errors in your update.php:

         // if xPos is not defined it could throw an error.
         // make sure you do if (isset($_POST['xPos'])) { [...below code here...] }
         $xpos = $_POST['xPos']; 

         // !! sql injection warning!!
         // change to mysql_real_escape_string($xpos),
         //           mysql_real_escape_string($post_ID) ..... etc.
         // also where is $post_ID defined? If this is a magic variable, naughty!
         // always use the global magic variables $_POST $_GET, etc.
         mysql_query("UPDATE item SET pos_x = '" . $xpos . "' WHERE ID = '". $post_ID."'");


    mysql_query($query) or die('Error, insert query failed');
}
?>​
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks a lot, it works. The "$post_ID" variable is already declared in my complete code.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.