This is the JS/jQuery function making the request:
function assignwork(){
    var projectid = $jq(".dmprojname").val(),
        empid = $jq(".nameemp").val(),
        assignwork = $jq(".workdescription").val(),
        workdate = $jq(".workdate").val();
    var go_path = "employee_switch_person.php?action=assignwork&vars=4&var1="+empid+"&var2="+projectid+"&var3="+assignwork+"&var4="+workdate;
    $jq.get(go_path,{},function(data){
        if(data ==1){
            alert("successfully assigned!");
            showassignwork(0);
        }
    });
}
This is the PHP:
function assignwork($empid,$projectid,$assignwork,$workdate){
    //echo $workdate;
    global $con;
    date_default_timezone_set("Asia/Karachi");
    //echo "date format".date('Y-m-d H:i:s');
    //echo $empid.",".$projectid.",".$assignwork.",".$workdate;
    // The request values are concatenated straight into the SQL text.
    $sql = "insert `tblempassignwork` (`empid`, `assignwork`, `assignbyid`, `projectid`, `workdate`, `assigndatetime`)
            values($empid,'".$assignwork."',".$_COOKIE["userid"].",".$projectid.",'".$workdate."','".date('Y-m-d H:i:s')."')";
    $result = mysql_query($sql,$con) or die(mysql_error());
    echo $result;
}
Problem:
assignwork = $jq(".workdescription").val()
can contain a string with a double quote, single quote, hash or other special character. If I use a single quote or hash, it shows:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's , makes examples',3,77,'2015-05-08','2015-05-08 09:51:17')' at line 2
Because I have typed a single quote in the string. How can I skip special characters when passing them through the request?
In jQuery, you can replace non-alphanumeric characters:
assignwork=assignwork.trim().replace(/[^a-z0-9]+/gi, '-');
Or you can replace them with whitespace, or whatever suits your program best :)
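The error in the question comes from the text being pasted into the SQL string, so the underlying fix is to bind the values as parameters rather than strip characters from them; the following is an added example, not code from the question or the answer. It assumes a PDO connection in place of the mysql_* one, uses a hypothetical function name assignWorkSafe, and runs its demo against an in-memory SQLite database as a stand-in for MySQL.

```php
<?php
// Added example, not the asker's code. Assumption: a PDO handle replaces the
// global mysql_* connection; in-memory SQLite stands in for MySQL in the demo.
function assignWorkSafe(PDO $db, $empId, $projectId, $assignWork, $workDate, $assignById)
{
    // Accept only a real calendar date in YYYY-MM-DD form.
    $d = DateTime::createFromFormat('Y-m-d', $workDate);
    if ($d === false || $d->format('Y-m-d') !== $workDate) {
        throw new InvalidArgumentException('workdate must be YYYY-MM-DD');
    }
    // Placeholders keep the data out of the SQL text, so quotes, hashes and
    // other special characters in $assignWork are stored exactly as typed.
    $stmt = $db->prepare(
        'INSERT INTO tblempassignwork
             (empid, assignwork, assignbyid, projectid, workdate, assigndatetime)
         VALUES (:empid, :assignwork, :assignbyid, :projectid, :workdate, :assigned)'
    );
    $stmt->bindValue(':empid', (int) $empId, PDO::PARAM_INT);
    $stmt->bindValue(':assignwork', $assignWork, PDO::PARAM_STR);
    $stmt->bindValue(':assignbyid', (int) $assignById, PDO::PARAM_INT);
    $stmt->bindValue(':projectid', (int) $projectId, PDO::PARAM_INT);
    $stmt->bindValue(':workdate', $workDate, PDO::PARAM_STR);
    $stmt->bindValue(':assigned', date('Y-m-d H:i:s'), PDO::PARAM_STR);
    return $stmt->execute();
}

date_default_timezone_set('Asia/Karachi');
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblempassignwork (empid INTEGER, assignwork TEXT,
    assignbyid INTEGER, projectid INTEGER, workdate TEXT, assigndatetime TEXT)');

// Constructed sample input containing the characters named in the question.
$text = "it's a \"test\" #1 , makes examples";
assignWorkSafe($db, 4, 77, $text, '2015-05-08', 3);
$stored = $db->query('SELECT assignwork FROM tblempassignwork')->fetchColumn();
if ($stored !== $text) {
    throw new RuntimeException('stored text differs from the input');
}
echo "stored verbatim: ", $stored, "\n";

// A value that is not a real date never reaches the database.
try {
    assignWorkSafe($db, 4, 77, $text, '2015-02-30', 3);
    echo "unexpected: invalid date accepted\n";
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

On the client, passing the values as the data object of $jq.get instead of concatenating them into go_path lets jQuery URL-encode them, so a # in the text no longer cuts off the rest of the query string.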