-1

PHP As you can see i have define all the script correctly but ajax is not working and no status messege is showing on data success.the error is Uncaught syntaxx error

    $type=get_safe_value($_POST['type']);
    
    if($type=='password'){
    $old_password=get_safe_value($_POST['old_password']);
    $new_password=get_safe_value($_POST['new_password']);
        
$check=mysqli_num_rows(mysqli_query($conn,"select * from lab_details where        password='$old_password'"));
$res=mysqli_query($conn,"select password from lab_details where id='$lid'");
$row=mysqli_fetch_assoc($res);
    $dbpassword=$row['password'];
    if(password_verify($old_password,$dbpassword)){
    $new_password=password_hash($new_password,PASSWORD_BCRYPT); 
    mysqli_query($conn,"update lab_details set password='$new_password' where id='$lid'");
        $arr=array('status'=>'success','msg'=>'Password has been updated');
        }else{
        $arr=array('status'=>'error','msg'=>'Please enter correct password');       
        }
        
        echo json_encode($arr);
    }
    ?>
**HTML CODE**

html code here

<form id= "frmPassword" method="POST"
            enctype="multipart/form-data">
                        <!-- Clinic Info -->
                            <div class="card">
                                <div class="card-body">
                                    <h4 class="card-title">Change Password</h4>
                                    <div class="row form-row">
                                        <div class="col-md-12">
                                            <div class="form-group">
                                                <label>Password</label>
                                                <input type="password" class="form-control" name="old_password" id="labname" value="">
                                            </div>
                                        </div>
                                        <div class="col-md-12">
                                            <div class="form-group">
                                                <label>confirm Password</label>
                                                <input type="password" class="form-control" name="new_password" value="">
                                            </div>
                                        </div>
                                        </div>
                                        
                            <div class="submit-section submit-btn-bottom">
                                <button type="submit"  class="btn btn-primary submit-btn"  id="password_submit">Save Changes</button>
                            </div>
                                        </div>
                                        <input type="hidden" name="type" value="password">
                                                    <div id="password_form_msg"></div>
                                        </div>
                                        </div>
                                        </form>
                                        </div>

AJAX SCRIPT here you can see the script i have passed data using jQuery.parseJson(result)

<script>                        
                                            
        jQuery('#frmPassword').on('submit',function(e){
        jQuery('#password_submit').attr('disabled',true);
        jQuery('#password_form_msg').html('Please wait...');
        jQuery.ajax({
            url:'update_lab_profile.php',
            type:'post',
            data:jQuery('#frmPassword').serialize(),
            success:function(result){
                jQuery('#password_form_msg').html('');
                jQuery('#password_submit').attr('disabled',false);
                var data=jQuery.parseJSON(result);
                if(data.status=='success'){
                    swal("Success Message", data.msg, "success");
                }
                if(data.status=='error'){
                    swal("Error Message", data.msg, "error");
                }
            }
        });
        e.preventDefault();
    }); 
    </script>
  • i think i am missing something here in jQuery.parseJSON *
Mental Engineer
  • 1
  • 1
  • 1
    Look at the response in your browser's Network tab. It sounds like it's returning something before the JSON or in place of it, possibly some sort of error. Though looking at it, you have HTML in your php script, which is not part of the JSON that the javascript is expecting. – aynber May 25 '22 at 13:45
  • 1
    You've tagged this with "java", did you mean "javascript", or have you missed that part? You always need to echo the json first before any other output + you should have an `exit;` after the echo to stop the page from keep rendering (which will result in invalid json if there's anything outputted after) – M. Eriksson May 25 '22 at 13:47
  • Are your old passwords not hashed? If they are, then `select * from lab_details where password='$old_password'` is never going to return anything. You aren't actually making use of the `$check` result anyway, so asking the user for their old password is currently not achieving anything. – ADyson May 25 '22 at 13:50
  • 1
    **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson May 25 '22 at 13:50
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use it again. – ADyson May 25 '22 at 13:50
  • **Never store passwords in clear text or using MD5/SHA1!** Only store password hashes created using PHP's [`password_hash()`](https://php.net/manual/en/function.password-hash.php), which you can then verify using [`password_verify()`](https://php.net/manual/en/function.password-verify.php). Take a look at this post: [How to use password_hash](https://stackoverflow.com/q/30279321/1839439) and learn more about [bcrypt & password hashing in PHP](https://stackoverflow.com/a/6337021/1839439) – Dharman May 25 '22 at 14:10

0 Answers0