Simple bulletin board using ajax, insert doesn't work

Asked 2 years ago, Updated 2 years ago, 123 views

1 is inserted instead of what is written in textarea.
I don't know the cause, so I would appreciate it if you could tell me.
Thank you for your cooperation.

index.php

<divid="content">
    <div style="text-align:right"><a href="logout.php">Logout</a></div>;
    <form action="javascript:void(0)" method="post" id="form">
        <textarea name="message" id="message" cols="70" rows="15" placeholder="Please leave a note">/textarea><br>
        <input type="submit" value="write" id="write">
    </form>
</div>

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
  <!--Reading jQuery Library-->
  <script type="text/javascript">
// For messages
    $(function(){
            // button click
            $('#write').on('click', function(){
                $.ajax({
                    url: 'index_do.php',
                    type: 'POST',
                    data: {
                        'message': $('#message').val()
                    }
                })
                // Invoked when Ajax request is successful
                .done((data)=>{
                    $('.result') .html(data);
                    console.log(data);
                })
                // Invoked when Ajax request fails
                .fail((data)=>{
                    $('.result') .html(data);
                    console.log(data);
                })
                // Ajax request invokes either successful or unsuccessful
                .always((data)=>{

                });
            });
        });
  </script>

index_do.php

<?php
    header('Content-type:text/plain; charset=UTF-8');
    $message=h(isset($_POST["message"]);
    echo$message;//for confirm
    $db->query("INSERT INTO tb(mes) VALUES('$message')");
    $db->query("UPDATE`tb`");
    echo$message;
?>

php ajax

2022-09-30 21:42

1 Answers

issu($_POST["message"])

returns TRUE (existence) or FALSE (existence), so in h(), the logical type is converted to letters or numbers and "1" is displayed.

If you are using isset to determine if $_POST["message"] exists.

if(isset($_POST["message"])){
$message=h($_POST["message"]);
} else {
// $_POST ["message"] does not exist
}

I think it's good to say that
P.S. Watch out for cross-site scripting (XSS) and SQL injection!

2022-09-30 21:42

If you have any answers or tips

Popular Tags
python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
Popular Questions

578 Understanding How to Configure Google API Key

616 Uncaught (inpromise) Error on Electron: An object could not be cloned

910 When building Fast API+Uvicorn environment with PyInstaller, console=False results in an error

880 /usr/bin/google-chrome:symbol lookup error:/usr/bin/google-chrome: undefined symbol:gbm_bo_get_modifier

581 PHP ssh2_scp_send fails to send files as intended

© 2024 OneMinuteCode. All rights reserved.