When I send a form that contains data from inputs without special chars, it reaches the PHP file and gets set in the DB with ease.
Also when selecting, there are no problems at all.
But when the user types the following keys, things are different:
" or ' or <script> or alert('yes'); or \ or $ and so on.
What I've tried:
Using tons of encodeURI or encodeURIComponent functions, or JSON.stringify,
or escapeHTML, and what didn't I try...
but nothing works.
The most problematic are: <script> or alert('yes');
which not only are not sent to the PHP file, they get the whole page stuck!
Notice: now I've noticed that even here on Stack Overflow, when I write a <script> tag outside of code brackets, Stack Overflow displays just nothing!
Now, some strings somehow finally get delivered to the PHP file,
but I also have a continuous problem when I'm trying to store them:
they are JSON encoded, so I won't run long and time-consuming functions like htmlspecialchars / mysqli_real_escape_string /
htmlentities or others on each object key. It would be very uncomfortable to work like this...
An example of the HTML/PHP first page:
<div class="contact-form">
<form ng-submit="processForm()" class="default-form">
<div class="row">
<div class="col-lg-3">
<label for="">* שם פרטי ושם משפחה</label>
<input type="text" required ng-model="formData.full_name" placeholder="* שם פרטי ושם משפחה">
</div>
<div class="col-lg-3">
<label for="">* כתובת דוא׳׳ל</label>
<input type="text" required ng-model="formData.email" placeholder="* כתובת דוא׳׳ל">
</div>
<div class="col-lg-3">
<label for="">* טלפון</label>
<input type="text" required ng-model="formData.phone" placeholder="* טלפון">
</div>
<div class="col-lg-3">
<label for="">* סוג קבלן</label>
<select required ng-model="formData.type">
<option value="">* סוג קבלן</option>
<option value="פרטי" alt="">פרטי</option>
<option value="יזם" alt="">יזם</option>
<option value="בנייה ציבורית" alt="">בנייה ציבורית</option>
</select>
</div>
<div class="col-lg-12">
<label for="">
העלאת קבצים
</label>
<input type="file" ng-file-model="formData.files" name="files" multiple style="margin-top:15px">
</div>
<div class="col-lg-12" style="margin-top:40px">
<input type="checkbox" ng-model="formData.newsletter" id="newsletter" >
<label for="newsletter">קבל מבצעים ועדכונים במייל</label>
</div>
<div class="col-lg-12" style="margin-top:10px">
<button class="thm-btn bg-clr1" style="color:white; font-weight:bold" type="submit">לשליחה לחץ כאן</button>
<h3 class="loader" style="display:none">טוען ומעלה קבצים...</h3>
</div>
</div>
</form>
As you can see, just another Angular-based form.
Now the JS file:
$scope.formData = {
full_name: "raz",
phone: "0509921014",
email: "razwebs#gmail.com",
type: "בנייה ציבורית",
newsletter: true,
files: "",
};
$scope.processForm = function() {
$(".bg-clr1").hide();
$(".loader").show();
var data = new FormData();
if ($scope.formData.files.length>0)
{
var files = $scope.formData.files;
for (var k=0; k<files.length; k++)
data.append("file-"+k, files[k]);
}
var formData = JSON.stringify($scope.formData);
formData = encodeURIComponent(formData);
$.ajax({
type: 'POST',
url: 'send_quote.php?formData=' + formData,
cache: false,
contentType: false,
processData: false,
data: data,
success: function(response) {
console.log(response);
$(".bg-clr1").show();
$(".loader").hide();
//window.location = "thanks.php";
}
});
};
Note that in this JS file I'm also sending both POST and GET: the POST is the FormData object that contains the files, and the GET contains the regular strings.
And finally the PHP page:
$array = $_FILES;
$files = [];
for ($i=0; $i<count($array); $i++)
{
$file = $_FILES["file-" . $i];
$name = $file["name"];
$fileType = $file["type"];
$tmp_name = $file["tmp_name"];
$ext = pathinfo($name, PATHINFO_EXTENSION);
$ext = strtolower($ext);
$fileId = rand(1,10000000);
$dir = "admin/uploads/";
$randName = $dir . $fileId . "." . $ext;
move_uploaded_file($tmp_name, $randName);
array_push($files, $randName);
}
$formData = urldecode($_GET['formData']);
$fd = json_decode($formData, true);
$fd["files"] = $files;
$fd = json_encode($fd, JSON_UNESCAPED_UNICODE);
$theDate = time();
mysqli_query($con, "INSERT INTO quotes
(
`quote`,
`status`,
`date`
)
VALUES
(
'$fd',
0,
'$theDate'
)
");
Hope it seems clear. I really spent tons of hours trying to solve this issue,
nothing works, it's really frustrating and I'm sure others are facing the same issue as well...
If someone can help, it will be awesome, and sorry for my medium-level English.
Thanks!
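Added example (not part of the original post or its code): the INSERT above places the JSON string directly inside the SQL text, so a quote or backslash in any field changes the statement; binding it as a parameter stores the same characters as plain data. It assumes the post's $con connection and quotes table, and that the client appends the JSON to the FormData as a POST field named formData instead of putting it in the URL; store_uploads(), save_quote() and the extension allowlist are hypothetical.

```php
<?php
// Added example: hardened variant of the send_quote.php logic shown above.
// Assumes $con is the open mysqli connection from the post and that the
// JSON arrives as the POST field "formData" (an assumption; the post sends
// it in the query string).

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Hypothetical allowlist; set it to the file types the form should accept.
$allowedExt = ['pdf', 'png', 'jpg', 'jpeg'];

function store_uploads(array $uploaded, array $allowedExt, string $dir): array
{
    $stored = [];
    foreach ($uploaded as $file) {
        if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
            continue; // skip failed or empty uploads
        }
        $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, $allowedExt, true)) {
            continue; // never keep script extensions under the web root
        }
        // Server-chosen, unpredictable name; the client's name is not reused.
        $target = $dir . bin2hex(random_bytes(16)) . '.' . $ext;
        if (move_uploaded_file($file['tmp_name'], $target)) {
            $stored[] = $target;
        }
    }
    return $stored;
}

function save_quote(mysqli $con, string $rawJson, array $files): bool
{
    $fd = json_decode($rawJson, true);
    if (!is_array($fd)) {
        return false; // not valid JSON: reject instead of storing it
    }
    $fd['files'] = $files;
    $json = json_encode($fd, JSON_UNESCAPED_UNICODE);

    // The JSON travels as a bound parameter, so quotes, backslashes,
    // "<script>" and "$" inside it are stored exactly as typed.
    $stmt = $con->prepare(
        'INSERT INTO quotes (`quote`, `status`, `date`) VALUES (?, 0, ?)'
    );
    $now = time();
    $stmt->bind_param('si', $json, $now);
    return $stmt->execute();
}

$files = store_uploads($_FILES, $allowedExt, 'admin/uploads/');
$ok = save_quote($con, $_POST['formData'] ?? '', $files);

header('Content-Type: application/json');
echo json_encode(['saved' => $ok]);
```

Values stored this way still need htmlspecialchars() at the point where they are printed into an HTML page; that is an output step and does not belong before the insert.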
Related
I've upgraded my app from Laravel 4.2 to Laravel 5.3. On an index page listing citations, I have an AJAX modal form to edit or view the login credentials for the citation. This was working fine in Laravel 4.2, but I cannot for the life of me get it to work in 5.3. After about 5 hours Googling and trying different things, I thought I would post it here so that someone way more experienced than me can point me in the right direction.
Here's the link on the index page:
<a style="cursor: pointer; " title= "Login Credentials" data-loopback="cit-pg-1" data-citationid="1079" class="getCitationdetails"><span class="glyphicon glyphicon-lock " title="Login Credentials"></span></a>
And here's the JavaScript:
<script type="text/javascript">
$(document).on('click','.getCitationdetails',function(){
var citationid = $(this).data('citationid');
var loopback = $(this).data('loopback');
$.ajax({
url : '/citation-password',
type:'post',
data : {citationid :citationid, loopback :loopback},
success:function(resp){
$('#AppendLoginDetails').html(resp);
$('#LoginCredentialsModal').modal('show');
$('.loadingDiv').hide();
},
error:function(){
alert('Error');
}
})
})
Here's my route:
Route::match(['get', 'post'], '/citation-password', 'CitationsController@citationpassword');
And here's the Controller method that generates the form on get and saves the data on post:
public function citationpassword()
{
if (Request::ajax()) {
$data = Request::all();
if (!$data['citationid']) {
return redirect('/citations')
->with('flash-danger', 'Missing citation id for Login credentials form!!');
}
// Save loopback variable if we have it in order to return user to the page where they came from; default return location is citations
$loopback = 'citations';
if (array_key_exists("loopback", $data)) {
$loopback = $data['loopback'];
}
$getcitationdetails = Citation::where('id', $data['citationid'])->select('id', 'site_id', 'username', 'password', 'login_email', 'login_notes')->first();
$getcitationdetails = json_decode(json_encode($getcitationdetails), true);
$getsitedetails = Site::where('id', $getcitationdetails['site_id'])->select(
'id',
'directory_username',
'directory_password',
'security_questions',
'email_account',
'email_account_password',
'email_account_name',
'google_user',
'google_pwd',
'name_of_google_account'
)->first();
$getsitedetails = json_decode(json_encode($getsitedetails), true);
$response ="";
$response .= '<form action="'.url('/citation-password').'" method="post">
<div class="modal-body">';
if (!empty($getsitedetails['directory_username'])) {
$response .= '<div class="form-group">
<label for="recipient-name" class="col-form-label">Default login credentials for this site:</label>
<p>Username: '.$getsitedetails['directory_username'].'
<br />Password: '.$getsitedetails['directory_password'].'
<br />Email account: '.$getsitedetails['email_account'].'
<br />Email password: '.$getsitedetails['email_account_password'].'
<br />Name on email account: '.$getsitedetails['email_account_name'].'
<br />Default security questions: '.$getsitedetails['security_questions'].'</p>
<p>Gmail account: '.$getsitedetails['google_user'].'
<br />Gmail password: '.$getsitedetails['google_pwd'].'
<br />Name on Gmail account: '.$getsitedetails['name_of_google_account'].'</p>
</div>';
}
$response .= '
<input type="hidden" name="_token" value="'.csrf_token() .'" />
<input type="hidden" name="citation_id" value="'.$data['citationid'].'" />
<input type="hidden" name="loopback" value="'.$loopback.'" />
<div class="form-group">
<label for="recipient-name" class="col-form-label">Username:</label>
<input type="text" class="form-control" name="username" value="'.$getcitationdetails['username'].'" autocomplete="off">
</div>
<div class="form-group">
<label for="message-text" class="col-form-label">Password:</label>
<input type="text" class="form-control" name="password" value="'.$getcitationdetails['password'].'" autocomplete="off">
</div>
<div class="form-group">
<label for="message-text" class="col-form-label">Login email used:</label>
<input type="text" class="form-control" name="login_email" value="'.$getcitationdetails['login_email'].'" autocomplete="off">
</div>
<div class="form-group">
<label for="message-text" class="col-form-label">Login notes:</label>
<textarea class="form-control" style="height:130px;" name="login_notes">'.$getcitationdetails['login_notes'].'</textarea>
</div>
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-success" id="success">Save</button>
<button type="button" class="btn btn-danger" data-dismiss="modal" aria-hidden="true">Cancel</button>
</div>
</form>';
return $response;
} else {
// The popup modal has posted back here; process the data
$data = Request::all();
// Handle & translate loopback; returning user to the page where they came from
$loopback = 'citations';
if ($data['loopback']) {
$loopback = $data['loopback'];
// Translate pages it came from
$trackLoopback = new trackLoopback();
$loopback = $trackLoopback->translate($loopback);
}
$updatecitation = Citation::find($data['citation_id']);
$updatecitation->username = $data['username'];
$updatecitation->password = $data['password'];
$updatecitation->save();
return redirect($loopback)
->with('flash-success', 'Login credentials have been updated successfully!');
}
}
In an effort to isolate the error, I even simplified the form in the controller like this:
public function citationpassword()
{
if (Request::ajax()) {
return '<p>This is the modal form!</p>';
} else {
// The popup modal has posted back here; process the data
$data = Request::all();
// Handle & translate loopback; returning user to the page where they came from
$loopback = 'citations';
if ($data['loopback']) {
$loopback = $data['loopback'];
// Translate pages it came from
$trackLoopback = new trackLoopback();
$loopback = $trackLoopback->translate($loopback);
}
$updatecitation = Citation::find($data['citation_id']);
$updatecitation->username = $data['username'];
$updatecitation->password = $data['password'];
$updatecitation->save();
return redirect($loopback)
->with('flash-success', 'Login credentials have been updated successfully!');
}
}
and also simplified the route to this:
Route::get('/citation-password', 'CitationsController@citationpassword');
but all I get when I click the link is a popup notice, "Error."
I'm not experienced with AJAX. How do I get the form to display in Laravel 5.3?
And/or, how can I change the JavaScript function so that it shows the actual error instead of the "Error" notice? (I tried a number of methods I found on StackOverflow to display errors but all of them resulted in NO error notice; just a blank page. And, I've not been successful at getting my Firefox debugger to show the errors either.)
Thanks!
The correct way to debug the JavaScript is to post the errors this way:
<script type="text/javascript">
$(document).on('click','.getCitationdetails',function(){
var citationid = $(this).data('citationid');
var loopback = $(this).data('loopback');
$.ajax({
url : '/citation-password',
type:'post',
data : {citationid :citationid, loopback :loopback},
success:function(resp){
$('#AppendLoginDetails').html(resp);
$('#LoginCredentialsModal').modal('show');
$('.loadingDiv').hide();
},
error: function(xhr, ajaxOptions, thrownError) {
alert(thrownError + "\r\n" + xhr.statusText + "\r\n" + xhr.responseText);
}
})
})
Once you do so, you will see that the error has to do with missing CsrfToken for the form. [The actual error message is from the Laravel framework: Illuminate\Session\TokenMismatchException: in file /home/reviewsites/moxy53/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php on line 6] Since both the get and post verbs use the same route, Laravel is requiring the CsrfToken before the form with the Csrf field gets generated.
It is possible (but NOT recommended!) to exclude this route from CSRF protection by editing App\Http\Middleware\VerifyCsrfToken.php with the following exception:
/**
* The URIs that should be excluded from CSRF verification.
*
* @var array
*/
protected $except = [
'/citation-password',
];
However, a much better approach is to add the token. It is correct that since you are using a post method to send the data values to the controller, you cannot use the controller to generate the token field in the form. Hence, the solution is to take the html out of the controller and put it in the blade. These lines:
$response .= '<form action="'.url('/citation-password').'" method="post">
<div class="modal-body">';
...
</div>
</form>';
should not be in the $response generated by the controller, but should instead be in the modal div in the blade itself. THEN, you can add the CSRF field in the blade thus:
<form action="{{url('/citation-password')}}" method="post">
{{ csrf_field() }}
<div class="modal-body" id="AppendLoginDetails">
</div>
</form>
I'm using CodeIgniter with CKEditor. My problem is that when I submit the content, the data from the textarea is not stored in the database. But when I tried it again it finally was. So the situation is that I have to click the submit button twice to save it.
I stored the downloaded CKEditor in a folder named ./Assests/Ckeditor (Sorry for the wrong spelling. I'll fix this later.)
Here's my form in my view folder:
ask_view.php:
<form id="form" enctype="multipart/data" method="post" onsubmit="createTextSnippet();">
<div class="form-group">
<label for="exampleInputEmail1">Title</label>
<input type="text" name ="title" class="form-control" id="title" placeholder="Title" required >
</div>
<input type="hidden" name="hidden_snippet" id="hidden_snippet" value="" />
<div class="form-group">
<label for="exampleInputEmail1">Editor</label>
<textarea name ="text" class="form-control" id="text" rows="3" placeholder="Textarea" required></textarea>
</div>
<input type="submit" class="btn " name="submit" value ="Submit" style="width: 100%;background: #f4a950;color:#161b21;">
</form>
<script src="<?php echo base_url('assests/js/editor.js')?>"></script>
<script type="text/javascript">
CKEDITOR.replace('text' ,{
filebrowserBrowseUrl : '<?php echo base_url('assests/filemanager/dialog.php?type=2&editor=ckeditor&fldr=')?>',
filebrowserUploadUrl : '<?php echo base_url('assests/filemanager/dialog.php?type=2&editor=ckeditor&fldr=')?>',
filebrowserImageBrowseUrl : '<?php echo base_url('assests/filemanager/dialog.php?type=1&editor=ckeditor&fldr=')?>'
}
);
</script>
<script type="text/javascript">
//code used to save content in textarea as plain text
function createTextSnippet() {
var html=CKEDITOR.instances.text.getSnapshot();
var dom=document.createElement("DIV");
dom.innerHTML=html;
var plain_text=(dom.textContent || dom.innerText);
var snippet=plain_text.substr(0,500);
document.getElementById("hidden_snippet").value=snippet;
//return true, ok to submit the form
return true;
}
</script>
<script type="text/javascript">
$('#form').on('submit', function (e) {
e.preventDefault();
$.ajax({
type: 'POST',
url: '/knowmore2/index.php/ask_controller/book_add',
data: $('form').serialize(),
success: function (data) {
console.log(JSON.parse(data));
}
});
});
</script>
Ask_model.php:
public function book_add($data)
{
$query=$this->db->insert('article', $data);
return $query;
}
Ask_controller.php:
public function book_add(){
$data = $_POST;
$details = array();
$details['title'] = $data['title'];
$details['content'] = $data['text'];
$details['snippet'] = $data['hidden_snippet'];
$details['createdDate']=date('Y-m-d H:i:s');
$result=$this->ask_model->book_add($details);
echo json_encode($details);
}
The content with HTML tags should be saved in a column named content in the database, but it isn't saved on the first click. It is only saved on the second one, but the other data, like the title, are saved on the first. So I get 2 rows of data, one without the content and the other with it.
I have the following code, pretty standard, but it seems that the bots get by without even entering anything into the input fields! Whereas a normal person cannot, since it checks upon submit. So I keep just getting empty emails.
Here is my code, if anyone has any ideas:
the javascript:
$('form.ajax').on('submit', function () {
if($(".field-b").val()) {
return false;
}
var that = $(this),
url = that.attr('action'),
type = that.attr('method'),
data = {};
that.find('[name]').each(function(index, value) {
var that = $(this),
name = that.attr('name'),
value = that.val();
data[name] = value;
});
for(var property in data) {
if(data.hasOwnProperty(property)) {
if(data[property] == "") {
$('[name="' + property + '"]').parent().addClass("error");
return false;
}
}
}
$.ajax({
url: url,
type: type,
data: data,
success: function(response) {
$(".info,.ajax").hide();
$(".success-send").fadeIn(300);
return false;
}
});
return false;
});
The HTML:
<form class="ajax" action="../email.php" method="post" autocomplete="off">
<div class="form-field">
<input name="form_name" type="text" class="form-field-name">
<label>Your Name</label>
<div class="field-icon-name"></div>
</div>
<div class="form-field">
<input name="form_business" type="text" class="form-field-business">
<label>Business</label>
<div class="field-icon-business"></div>
</div>
<div class="form-field">
<input name="form_email" type="email" class="form-field-email">
<label>Email Address</label>
<div class="field-icon-email"></div>
</div>
<div class="form-field">
<input name="form_phone" type="text" class="form-field-phone">
<label>Phone #</label>
<div class="field-icon-phone"></div>
</div>
<div class="form-field special">
<input name="form_b" type="text" class="form-field-b">
<label>question</label>
</div>
<div class="form-field">
<textarea name="form_message"></textarea>
<label>Message</label>
<div class="field-icon-message"></div>
</div>
<button type="submit">Send Message</button>
</form>
And finally the PHP.
<?php
session_start();
$to = "myemail@domain.com";
$name = $_POST['form_name'];
$phone = $_POST['form_phone'];
$email = $_POST['form_email'];
$business = $_POST['form_business'];
$email = $_POST['form_email'];
$subject = 'Contact Form mattscorner';
$message = 'Name:'.$name.'\n Email + phone:'.$email.", ".$phone."\n Business: ".$business."\n\n".$message;
$headers = "From: $email\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-type: text/html; charset=iso-8859-1\n";
mail($to, $subject, $message, $headers);
if (mail($to, $subject, $message, $headers)) echo "mail sent"; else echo "mail NOT sent";
?>
It's pretty standard code I think, but I just can't seem to get the bots to even get blocked by the field requirements.
I literally get emails that are just:
Name:\n Email + phone:, Business:
There's a fundamental misunderstanding here. Bots don't run JavaScript, so none of that matters, and you're not doing the same validations on the server side, so they have no trouble getting by. Implement your validations in PHP too.
Also, you really need to do more validation for security anyway - your script is open to all kinds of vulnerabilities, and you're building malformed, non-compliant messages.
I suggest you use an email library such as PHPMailer, which you tagged this question with.
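Added example (not code from the question, the answer or PHPMailer): one way to repeat the form's client-side rules on the server, as the answer above recommends. Field names are taken from the HTML in the question; validate_contact() is a hypothetical helper, treating form_b as a honeypot is an assumption based on the JavaScript check, and the sample submissions are constructed.

```php
<?php
// Added example: server-side version of the form's "no empty fields" rule.
// Field names come from the HTML above; validate_contact() is hypothetical.

function validate_contact(array $post): array
{
    // form_b is treated as a honeypot (assumption based on the JS check):
    // people leave it empty, so any value marks an automated submission.
    $trap = $post['form_b'] ?? '';
    if (!is_string($trap) || trim($trap) !== '') {
        return ['ok' => false, 'errors' => ['form_b'], 'data' => []];
    }

    $errors = [];
    $clean  = [];
    $singleLine = ['form_name', 'form_business', 'form_email', 'form_phone'];

    foreach (array_merge($singleLine, ['form_message']) as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $errors[] = $field;               // missing or empty: reject
            continue;
        }
        $clean[$field] = trim($value);
    }

    foreach ($singleLine as $field) {
        // A line break in a one-line field could add lines to the mail
        // headers once the value is placed in "From:".
        if (isset($clean[$field]) && preg_match('/[\r\n]/', $clean[$field])) {
            $errors[] = $field;
        }
    }

    if (isset($clean['form_email'])
        && filter_var($clean['form_email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'form_email';
    }

    $errors = array_values(array_unique($errors));
    return ['ok' => $errors === [], 'errors' => $errors, 'data' => $clean];
}

// Constructed sample submissions (not real traffic).
$valid = [
    'form_name' => 'Dana Example', 'form_business' => 'Example Ltd',
    'form_email' => 'dana@example.com', 'form_phone' => '555-0100',
    'form_b' => '', 'form_message' => "Hello,\nplease call me back.",
];
$samples = [
    'empty POST from a bot' => [],
    'honeypot filled in'    => array_merge($valid, ['form_b' => 'x']),
    'line break in email'   => array_merge($valid,
        ['form_email' => "dana@example.com\r\nX-Test: 1"]),
    'valid submission'      => $valid,
];

foreach ($samples as $label => $post) {
    $result = validate_contact($post);
    printf("%-22s ok=%s errors=[%s]\n", $label,
        $result['ok'] ? 'yes' : 'no', implode(', ', $result['errors']));
}
```

In email.php, call validate_contact($_POST) before the message is built and send nothing when ok is false.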
I want to add records to a drop-down menu without a form refresh. I'm using CodeIgniter and Bootstrap.
Here is the Bootstrap modal:
<div class="modal fade bs-example-modal-lg" tabindex="-1" role="dialog" aria-labelledby="myLargeModalLabel" aria-hidden="true">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button aria-hidden="true" data-dismiss="modal" class="close" type="button">×</button>
<h4 id="myLargeModalLabel" class="modal-title">Add Record</h4>
</div>
<div class="modal-body">
<form class="sky-form" id="sky-inchidere" method="post" accept-charset="utf-8" action="">
<dl class="dl-horizontal">
<dt>Name<span class="color-red">*</span></dt>
<dd>
<section>
<label class="input">
<i class="icon-append fa fa-inbox"></i>
<input type="text" value="" name="name" required>
<b class="tooltip tooltip-bottom-right">Add New Record</b>
</label>
</section>
</dd>
</dl>
<hr>
<button type="submit" class="btn-u" style="float:right; margin-top:-5px;">Submit</button>
</form>
</div>
</div>
</div>
Ajax script :
$(document).ready(function(){
$("#sky-inchidere").submit(function(e){
e.preventDefault();
var tdata= $("#sky-inchidere").serializeArray();
$.ajax({
type: "POST",
url: 'http://localhost/new/oportunitati/add',
data: tdata,
success:function(tdata)
{
alert('SUCCESS!!');
},
error: function (XHR, status, response) {
alert('fail');
}
});
});
});
CI controller (I have added the modal code here for test):
public function add() {
$tdata = array( name=> $this->input->post(name),
);
$this->db->insert('table',$tdata);
}
When I use this code I get the "fail" error message.
Thanks for your time.
How to debug:
1. Print your 'tdata' and see what happen;
2. Something wrong here: $this->input->post('name');
Try to use:
$tdata = array(
'name' => $this->input->post('name')
);
I managed to find the problem and correct it (a typo in the table name).
Now I have come across a different problem. In the AJAX success callback I can't refresh the Chosen dropdown records. I have tried:
success:function(tdata)
{
// close the modal
$('#myModal').modal('hide');
// update dropdown ??
$('.chosen-select').trigger('liszt:updated');
$('#field-beneficiar_p').trigger('chosen:updated');
$('#field-beneficiar_p').trigger('liszt:updated');
},
Any help with how I can refresh the records to see the last added item will be appreciated. I'm using the Chosen plugin.
From the controller, send the data with json_encode,
then in the JS function:
$.ajax({
type: "POST",
url: "<?php echo base_url('login/get_time'); ?>",
data: {"consltant_name": consltant_name, "time": time},
success: function(data) {
var data = JSON.parse(data);
var options = '';
options = options + '<option value="">Please Select One</option>'
$.each(data, function(i, item) {
options = options + '<option value="' + item + '">' + item + '</option>'
});
selectbox.html(options);
}});
The problem is that when I use submit, CodeIgniter processes the script cleanly. But when I pass the data through AJAX, the script works fine. It even outputs the array when I use print_r. It's just that it doesn't update the database. Everything is fine until the ActiveRecord script.
Here is my controller script. (I just simplified it).
What I did was there is a script that would create an empty row. Thus, it will retrieve the Article id which will be used to save the article.
Here is the save article function.
Controller:
function saveArticle(){
$this->userarticle_model->trial();
}
Model:
function trial(){
$userid = $this->session->userdata('userid');
$articleId = $this->input->post('article_id');
$articleData = array(
'sfc_articleAuthor' =>$userid ,
'sfc_articleTitle' => $this->input->post('article_title'),
'sfc_articleContent' => $this->input->post('article_content'),
'sfc_articleStatus' => 'saved',
'sfc_articleTag' =>$this->input->post('article_tag'),
'sfc_articleCategory' => $this->input->post('article_category')
);
$this->db->where('sfc_articleId', $articleId);
$this->db->update('sfc_articles', $articleData);
}
AJAX:
(Sorry, I just copied this from a tutorial.)
$(document).ready(function(){
$('.save').click(function() {
$('#article_form').hide(0);
$('#message').hide(0);
var article_title = $('#article_title').val();
var article_tag = $('#article_tag').val();
var article_id = $('#articleId').val();
var article_category = $('#article_category').val();
var article_content = $('#article_form').find('.nicEdit-main').text();
var article_status = 'saved';
var dataString = 'article_title='+ article_title + '&article_tag=' + article_tag + '&article_category=' + article_category + '&article_content=' + article_content + '&article_status=' + article_status;
$.ajax({
type : 'POST',
url : 'http://localhost/ci_usage/index.php/article/saveArticle',
dataType : 'json',
data: dataString,
success : function(data){
$('#waiting').hide(500);
if (data.error === false)
$('#article_form').show(10);
},
error : function(XMLHttpRequest, textStatus, errorThrown) {
$('#article_form').hide(10);
$('#article_form').show(3);
}
});
return false;
});
});
View:
<?php echo form_open('article/processArticle',array('id'=>'article_form'));?>
<?php echo validation_errors(); ?>
<div id="sidebar_options">
<div class="sidebar_title">Article Settings</div>
<ul>
<li>
<label>Tags</label><br />
<input type="text" name="article_tag" size="15" value="<?php echo set_value('article_tag');?>" id="article_tag"/>
</li>
<li>
<label>Category</label><br />
<select name="article_category" id="article_category">
<option value="1">Test Category 1</option>
<option value="">Test Category 2</option>
<option value="">Test Category 3</option>
<option value="">Test Category 4</option>
</select>
</li>
<li>PDF version</li>
</ul>
</div>
<div id="option_panel">
<input type="text" name="article_title" size="30" placeholder="Title" value="<?php echo set_value('article_title');?>" id="article_title"/>
<input type="submit" value="Publish" name="publish" />
<input type="button" value="Preview" class="save"/>
<input type="button" value="Save" class="see"/>
</div>
<div id="write_panel" style="width:700px; margin-left:50px; width:800px;"></div>
<div id="write_area">
<textarea name="article_content" id="article_content" style="height:690px; width:800px;" ></textarea>
<input type="hidden" value="<?php echo $articleId;?>" name="article_id" id="articleId"/>
</div>
</div>
<?php echo form_close();?>
I really scratched my head on this.
Just got the answer. I forgot to put the last variable into the dataString in the AJAX file.