
I am trying to apply OOP concepts in PHP to build a contact-us form that works with AJAX. The response gives me false, which means that whenever I submit the form the alert message 'couldn't send your request' appears, and I couldn't find the specific problem. I have a class for the connection to the database and another class to send the form to the database; the form itself is part of the home page. This is my code after some edits:

1-The connection page and class

    <?php
    class db_conn {
        private $servername;
        private $username;
        private $password;
        private $dbname;

        protected function connect(){

            $this->servername="localhost";
            $this->username="root";
            $this->password="";
            $this->dbname="class_on_click";

            $conn=new mysqli($this->servername, $this->username, $this->password, $this->dbname);

            return $conn;

        }
    }
    ?>

2-The class and page to insert data to the database:

    <?php
    require_once "db_conn.php";
    class contact_conn extends db_conn{
        public function sendForm(){
            if(isset($_POST['submit'])){
                $name=$_POST['name'];
                $email=$_POST['email'];
                $id=$_POST['id'];
                $message=$_POST['message'];
                $connection  = $this->connect();
                $send= mysqli_query($connection, "insert into contact_us_form(name, id, email, message) values('$name','$id','$email','$message')");
                if($send){
                    $response['success'] = true;
                }

                else{
                    $response['success']= false;
                }
            }
            $connection->close();
        }
    }
    ?>

3-The part of code on the home page where the form is there and the ajax function too:

    $("#contact-form").on("submit",function(e){
        e.preventDefault();
        var name = document.getElementById("name").value;
        if(name.length==' '){
            $("#name").css("border","2px solid red");
        }
        var id = document.getElementById("id").value;
        if(id.length !== 7 || /[a-z]/gi.test(id) || /[\W]/g.test(id)){
            $("#id").css("border","2px solid red");
        }

        var email = document.getElementById("email").value;
        if (!((email.indexOf(".") > 0) && (email.indexOf("@") > 0)) || /[^a-zA-Z0-9.@_-]/.test(email)){
            $("#email").css("border","2px solid red");
        }
        var message = document.getElementById("message").value;
        var required = 30;
        var left = required - message.length;
        if(left > 0){
            alert(left+' more characters are required to send the message.');
            $("#message").css("border","2px solid red");
        }

        else
        {
            var sendData = {name:name, id:id, email:email, message:message};
            $.ajax({
                url: "contact_conn.php",
                type: "POST",
                data: sendData,
                success: function(response)
                {
                    if(response == true){
                        alert('Thank you! We will contact you soon.');
                    }

                    if(response == false){
                        alert("couldn't send your request.");
                    }

                }
            });
        }
    });

  • Can you share the html code for the contact us page? – Oyedele Femi May 17 '22 at 05:40
  • So where does `$response` actually get sent to the client ...? All I see you do is assign a value to `$response['success']`, but that's it. – CBroe May 17 '22 at 06:37
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson May 17 '22 at 08:20
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson May 17 '22 at 08:20
  • Never configure your web app to login to the database as `root`. Root can do whatever it likes, so on top of the SQL injection vulnerabilities this just leaves your database an open book for hackers. Instead create a separate user account specifically for this application which has only the permissions it actually _needs_ in order to work properly. Don't even use the root account as a shortcut during development or testing, because you need to test your account permissions as well - otherwise when you go live you might have unexpected errors relating to the user account setup. – ADyson May 17 '22 at 08:20
  • Anyway, agreed, you don't seem to be doing anything with the `$response` variable in PHP - you never return it from the function, and/or echo it, so that's likely why you can't see it in the JS – ADyson May 17 '22 at 08:21
  • Also, since in the PHP you're making an associative array (e.g. `$response['success']`) then its value will never simply be `true` (as in `if(response == true){`). You'd need to encode the echoed PHP variable as JSON, and then alter the JS to parse that JSON and read the "success" property from it. – ADyson May 17 '22 at 08:23
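
The points raised in the comments (a parameterised query, a non-root database account, and actually sending `$response` back as JSON) combined into one `contact_conn.php`, as an added example that is not part of the original thread. The account name `contact_app`, the environment variable `CONTACT_DB_PASS` and the helper `handleContact()` are assumptions, as is treating the id as exactly seven digits.

```php
<?php
// Added example, not the asker's code. Assumed names: contact_app (DB user),
// CONTACT_DB_PASS (environment variable), handleContact() (helper).
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function handleContact(array $post, mysqli $db): array
{
    $name    = trim((string)($post['name'] ?? ''));
    $id      = trim((string)($post['id'] ?? ''));
    $email   = trim((string)($post['email'] ?? ''));
    $message = (string)($post['message'] ?? '');

    // Repeat the browser-side rules on the server; client checks can be bypassed.
    // Assumption: a valid id is exactly seven digits.
    if ($name === '' || !preg_match('/^\d{7}$/', $id)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false
        || strlen($message) < 30) {
        return ['success' => false, 'error' => 'invalid input'];
    }

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO contact_us_form (name, id, email, message) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $name, $id, $email, $message);
    $stmt->execute();
    $stmt->close();
    return ['success' => true];
}

header('Content-Type: application/json');
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['success' => false, 'error' => 'POST required']);
    exit;
}
try {
    // Dedicated low-privilege account (INSERT on this one table), never root.
    $db = new mysqli('localhost', 'contact_app', getenv('CONTACT_DB_PASS') ?: '', 'class_on_click');
    $db->set_charset('utf8mb4');
    echo json_encode(handleContact($_POST, $db));   // the response reaches the client here
    $db->close();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());                    // details stay in the server log
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'server error']);
}
```

On the client, the page's `$.ajax` call would add `dataType: "json"` and test `response.success` instead of `response == true`. The page's request sends no `submit` field, which is why this version checks the request method rather than `isset($_POST['submit'])`.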
