(edited for security, assume the actual values are different)
This is simply not working at all, and I think it’s because it isn’t getting anything from the $_POST ?
I’m relatively new to PHP so I don’t fully understand how all this works.
I just know that I need to get a value from an HTML form into the SQL statement pictured above and I can’t figure out the best way to do that!
The code on the index is a javascript functions that looks like this:
$('#Number').change(function() {
var num = $(this).val();
$.ajax({
type: 'POST',
url: "autofill.php",
data: { Number: num },
success: function(data) {
if (arr[0].trim() != '') {
$('#title').val(arr[0]);
$('#submitButton').prop("disabled", false);
} else {
$('#submitButton').prop("disabled", true);
}
myGrid.load("connector.php");
},
});
});
The ajax autofills a name in the HTML form based on the number that is typed, and then is supposed to populate the DHTMLX grid in the same action.
I’ve populated grids from ajax calls before, but never with a variable parameter.
Update to this thread, I was able to create a better solution using $_SESSION instead of $_GET
In my ‘autofill.php’ file, which performs a SQL query to retrieve data, after the query executes I wrote
$_SESSION['num'] = numValue;
and then in the connector I replaced $_GET with $_SESSION. I felt that using a GET would be a security risk.
I also had to add session_start() to all of my files, which I did not have already.
My concern now is with security. Normally I use PDO bindParam to sanitize data inputs.
Reading the documentation for dhtmlxConnector, I know that all data is sanitized automatically. At which point does this occur? Is this after/during calling render_complex_sql?
Any help appreciated, I’d just like to know if my data is being sanitized properly!