I was reading up on preventing SQL injection and I tried to convert my code. Before I changed it, when the page was loaded, I would update my SQL with whatever was in 'input[name="amount"]' and change the text of the id "freetexts" to whatever echo json_encode($result); gave out. Now after I changed it, the value of freetexts keeps getting changed to "null".
Here is my PHP:
<?php
$username="XXX";
$password="XXX";
$database="XXX";
$amount = $_POST["amount"];
$conn = new mysqli("localhost", $username, $password, $database);
// Check connection
if(mysqli_connect_errno()) {
    echo "Connection Failed: " . mysqli_connect_errno();
    exit();
}
/* create a prepared statement */
if ($stmt = $conn->prepare("UPDATE freetexts SET amount = amount - ? WHERE 1")) {
}
/* Bind parameters: s - string, b - blob, i - int, etc */
$stmt -> bind_param("s", $amount);
//$update = "UPDATE freetexts SET amount = amount - '$amount' WHERE 1";
/* Execute it */
$stmt -> execute();
/* Bind results */
$stmt -> bind_result($result);
/* Fetch the value */
$stmt -> fetch();
echo json_encode($result);
/* Close statement */
$stmt -> close();
?>
And here is my JavaScript:
var amount = $('input[name="amount"]').val();
$.ajax({
    type: 'POST',
    data: {
        amount: amount
    },
    url: 'textlimit.php',
    success: function(data) { //Receives the data from the php code
        document.getElementById('freetexts').innerHTML = "Current FREE texts left: " + data;
    },
    error: function(xhr, err) {
        console.log("readyState: " + xhr.readyState + "\nstatus: " + xhr.status);
        console.log("responseText: " + xhr.responseText);
    }
});
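
An added example, not part of the original post: an UPDATE run through a mysqli prepared statement produces no result set, so bind_result() and fetch() have nothing to fill in, and reading the new value takes a separate SELECT. It assumes that freetexts holds a single row and that amount must be a non-negative integer, and it reuses the placeholder credentials from the post.

```php
<?php
// Added example, not the poster's code. Table and column names come from the
// post; credentials are placeholders; the single-row table is an assumption.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Validate the input as a non-negative integer before it reaches the query
// (the min_range of 0 is an assumption about what the application allows).
$amount = filter_input(INPUT_POST, 'amount', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 0]]);
if ($amount === false || $amount === null) {
    http_response_code(400);
    echo json_encode(null);
    exit();
}

$conn = new mysqli("localhost", "XXX", "XXX", "XXX");

// 1) The UPDATE: the value is bound as an integer; no rows come back.
$stmt = $conn->prepare("UPDATE freetexts SET amount = amount - ? WHERE 1");
$stmt->bind_param("i", $amount);
$stmt->execute();
$stmt->close();

// 2) A separate SELECT produces the result set that bind_result() needs.
$stmt = $conn->prepare("SELECT amount FROM freetexts LIMIT 1");
$stmt->execute();
$stmt->bind_result($remaining);
$stmt->fetch();
$stmt->close();
$conn->close();

header('Content-Type: application/json');
echo json_encode($remaining);
```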