-1

I have a javascript variable with some value. I have to save this variable in PHP and then to a sql database. What is the code to be used in PHP and script tag to achieve this?

ARUN TG
  • 9
  • Welcome to StackOverflow. When posting questions please add as much relevant detail as possible, including code snippets showing what you have attempted, and what isn't working. You can read more here: https://stackoverflow.com/help/minimal-reproducible-example – fraggley May 10 '20 at 03:47
  • Read up on how to use ajax. You won't have any problems finding tutorials on php with ajax. Please note that this question is far too broad based on guidelines in the [help] – charlietfl May 10 '20 at 03:50
  • Does this answer your question? [How do I pass JavaScript variables to PHP?](https://stackoverflow.com/questions/1917576/how-do-i-pass-javascript-variables-to-php) – Jsowa May 10 '20 at 04:13

2 Answers2

1

Use should use ajax to do this task.

Use the following code-

Your javascript-

var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
  if (this.readyState == 4 && this.status == 200) {
    //code goes here ...
    //console.log("Request Sent");
    //console.log(this.responseText);
  }
  xhttp.open("GET", "js_to_php.php?foo=bar&bar=foo", true); //edit this according to your variables
  xhttp.send();
}

Your php file (in example- js_to_php.php )-

<?php
if(isset($_GET['bar'])){    // this is to avoid errors if variable is not set
    $foo = $_GET['foo'];
    //echo "Got foo";         //this is optional, can be used to validate response
}
else{
    echo "Error: did not get foo"
}
if(isset($_GET['bar'])){    // this is to avoid errors if variable is not set
    $bar = $_GET['bar']
    //echo "Got bar";       //this is optional, can be used to validate response
}
else{
    echo "Error: did not get bar"
}

//Now you can call the query to the database
//Your code goes here...
?>

What this does is- The javascript sends a get request to the php page containing your data. The php script stores that data as a variable which can be used later.

NOTE: Don't forget to sanitise data before passing it to database as this code is unsafe to sql injections !

You can sanitise data by using PDO or mysqli_real_escape_string

A Guide to prevent SQL Injections -> https://www.esecurityplanet.com/threats/how-to-prevent-sql-injection-attacks.html

Legendary Jaguarz
  • 53
  • 6
  • since this is somebody that is new to php, I would suggest exactly what you mentioned except not focus on the sql injection vulnerability. These concepts can get difficult to grasp as you start coding. I would start with "vulnerable" code and then wrap it in sanitized data functions and prepared statements after the base code is working. – Scott Plude May 10 '20 at 05:19
0

I think that the most typical aproach nowdays is to have an API.

Create a form -> call an endpoint in your API when submiting this form -> In PHP catch the values with some global variables like $_POST or $_GET -> Then you should use PHP to make an insert query to your database. It could look something like this:

INSERT INTO tableName VALUES ('yourValue')

I'm not an expert in PHP and SQL Databases, but hope you can find my answer usefull.

Cristhian Cantillo
  • 1