
My issue is that I have two AJAX calls to PHP for a registration form. The first is a username availability check, which works absolutely fine, and the second is a password check, which does not work. The database and all three files are definitely connected; I can't find the problem though. Thank you if someone knows it.
Here is the HTML:

<div id="registration_form">
    <table>
         <tr>
            <td>Choose Username:</td>
            <td><input type="text" id="username" autofocus="autofocus"  /><span id="username_status"> </span></td>
         </tr>
        <tr>
            <td>Choose Password:</td>
            <td><input type="password" id="password" /> <span  id="password_status"></span></td>
         </tr>
         <tr>
            <td>Confirm Password:</td>
            <td><input type="password" id="confirmpassword" /> <span  id="pconfirm_status"></span></td>
         </tr>
        <tr>
            <td>Email:</td>
            <td><input type="text" id="email" /><span id="email_status"></span></td>
         </tr> 
         <tr>
            <td>Confirm Email:</td>
            <td><input type="text" id="confirmemail" /><span id="econfirm_status"></span></td>
         </tr>
        <tr>
            <td><input type="submit" value="Register" id="submit" />    </td>
         </tr>
    </table>
        <div id="regform_reply"></div>
</div>

Here is the jQuery:

$('#password').keyup(function()
{
var password = $(this).val();
$('#password_status').text('Searching...');
    if (password != '')
    {
        $.post('php/register.php', { password: password }, function(data)
        {
            $('#password_status').text(data);
        });
    }
    else
    {
        $('#password_status').text('');
    }           
});


$('#username').keyup(function()
{
var username = $(this).val();
$('#username_status').text('Searching...');
    if (username != '')
    {
        $.post('php/register.php', { username: username }, function(data)
        {
            $('#username_status').text(data);
        });
    }
    else
    {
        $('#username_status').text('');
    }           
});

Here is the PHP:

<?php
include '../connect/userdb_connect.php';

if (isset($_POST['password']))
{
$password = mysql_real_escape_string($_POST['password']);
if (!empty($password))
{
    if (strlen($password)>25)
    {
        echo 'Too long';
    }
    else if(strlen($password)<6)
    {
        echo 'Too short';
    }
    else
    {
        echo 'Fine';
    }
}   
}

if (isset($_POST['username']))
{
$username = mysql_real_escape_string($_POST['username']);
if (!empty($username))
{
    $check = mysql_query("SELECT `user_name` FROM `userbase` WHERE `user_name`  = '$username'");
    $result = mysql_num_rows($check);

    if ($result == 0 && strlen($username) <25)
    {
        echo 'Available';
    }
    else if($result == 1 && strlen($username) <25)
    {
        echo 'Already taken';
    }
    else
    {
        echo 'Too long';
    }
}           
}
?>
Are you getting a specific error? –  Jorge May 9 '12 at 21:33
1  
What does the JS console (Firebug / Chrome's console) say about the XmlHttpRequest? Is there a link you have so we can look at the console and the script in whole? –  ccKep May 9 '12 at 21:37
    
Also, what exactly "doesn't work"? Are you getting no reply or the wrong reply? –  ccKep May 9 '12 at 21:49

2 Answers

up vote 0 down vote accepted

I'd go for something like:

$('#password').on('keyup', function() {
    //there's no need to do ajax to check input length, just always validate on the server as well
    var password = this.value;
    if (password != '') {
        $('#password_status').text('Searching...');
        if (password.length>25) {
            $('#password_status').text('Too long');
        }else if (password.length<6) {
            $('#password_status').text('Too short');
        }else{
            $.post('php/register.php', { password: password }, function(data) {
                //do you really need to check this, other than when inserting to DB ?
                $('#password_status').text(data); 
            });
        }
    }else{
        $('#password_status').text('');
    }
});

$('#username').on('keyup', function() {
    var username = this.value;
    if (username != '') {
        $('#username_status').text('Searching...');
        if (username.length>25) {
            $('#username_status').text('Too long'); 
        }else if (username.length<6) {
            $('#username_status').text('Too short'); 
        }else{
            $.post('php/register.php', { username: username }, function(data) {
                $('#username_status').text(data);
            });
        }
    }else{
        $('#username_status').text('');
    }
});

PHP

<?php
    include '../connect/userdb_connect.php';

    if (isset($_POST['password'])) {
        $password = mysql_real_escape_string($_POST['password']);
        // same bounds as the client-side check: 6 to 25 characters inclusive
        if (!empty($password) && strlen($password)<=25 && strlen($password)>=6) {
            //hash and insert into db
        }else{
            //error
        }
    }else{
       //no POST var
    }

    if (isset($_POST['username'])) {
        $username = mysql_real_escape_string($_POST['username']);
        // same bounds as the client-side check: 6 to 25 characters inclusive
        if (!empty($username) && strlen($username)<=25 && strlen($username)>=6) {
            $check = mysql_query("SELECT `user_name` FROM `userbase` WHERE `user_name`  = '$username'");
            $result = mysql_num_rows($check);
            if ($result == 0) {
                echo 'Available';
            }else if ($result == 1) {
                echo 'Already taken';
            }
        }else{
            //error
        }
    }else{
       //no POST var
    }
?>

You probably want to remove the mysql_real_escape_string as you are not passing it to mysql. It may be that some of the escape sequences are confusing your comparisons.

So $password = mysql_real_escape_string($_POST['password']);

Should just be $password = $_POST['password'];

(Not saying that this will be ok when you do put it in the database, but it should be fine for doing a strlen function on)

What's to stop me from manually accessing said page then and using it to get malicious code into the sql query? –  ccKep May 9 '12 at 21:40
    
What SQL query? There's no SQL query on the password here. If he does add a SQL query, then yes, it will need to be escaped. –  Jeff Davis May 9 '12 at 21:43
    
Forgive me, just skipped over that - you're right of course! –  ccKep May 9 '12 at 21:45
    
@ccKep It's a shot in the dark anyway :) –  Jeff Davis May 9 '12 at 21:47
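
Added example, not code from the asker or either answer: the point debated above (validate the raw password, keep SQL handling at the query itself) written with PDO bound parameters and `password_hash`. It assumes the pdo_sqlite extension and a hypothetical `pass_hash` column; `addslashes` stands in for `mysql_real_escape_string`, which was removed in PHP 7.

```php
<?php
// Added example (not from the thread). In-memory SQLite keeps it self-contained;
// `userbase`/`user_name` are the page's names, `pass_hash` is an assumed column.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userbase (user_name TEXT PRIMARY KEY, pass_hash TEXT)');

function check_password(string $password): string
{
    // Measure the raw value: escaping adds backslashes and changes the length.
    $len = strlen($password);
    if ($len > 25) { return 'Too long'; }
    if ($len < 6)  { return 'Too short'; }
    return 'Fine';
}

function check_username(PDO $db, string $username): string
{
    if (strlen($username) >= 25) { return 'Too long'; }
    // The value travels as a bound parameter and never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT COUNT(*) FROM userbase WHERE user_name = ?');
    $stmt->execute([$username]);
    return $stmt->fetchColumn() > 0 ? 'Already taken' : 'Available';
}

function register(PDO $db, string $username, string $password): bool
{
    if ($username === '' || check_password($password) !== 'Fine'
        || check_username($db, $username) !== 'Available') {
        return false;
    }
    try {
        $stmt = $db->prepare('INSERT INTO userbase (user_name, pass_hash) VALUES (?, ?)');
        return $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        return false; // lost a race: the PRIMARY KEY rejected a duplicate name
    }
}

// Constructed inputs: a 25-byte password ending in a quote, and a name containing one.
$pw = str_repeat('a', 24) . "'";
echo check_password($pw), "\n";             // raw value, 25 bytes
echo check_password(addslashes($pw)), "\n"; // escaped copy, 26 bytes
var_dump(register($db, "o'brien", $pw));
echo check_username($db, "o'brien"), "\n";
```

The password is hashed from its raw bytes and never escaped, so the stored hash matches what the user actually typed at login.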
