0

I have some problems with collecting the data I fetch from the database. Don't know how to continue.

What I did so far:

JQ:

    $(document).ready(function(){

      $('#submit').click(function(){

        var white = $('#white').val();

        $.ajax({
          type:"POST",
          url:"page.php",
          data:{white:white}
        });

      });

    });

PHP (requested page.php) so far:

    $thing = mysql_real_escape_string($_POST["white"]);

    ..database connect stuff..

    $query = "SELECT * FROM table1 WHERE parameter='$thing'";

    $data = array();

    // keep the result resource and each fetched row in separate variables
    if ($result = mysql_query($query)) {
        while ($row = mysql_fetch_array($result)) {
            $data[] = $row['data'];
        }
    }

What I don't know is how to send out data and receive it with ajax.

What about errors when the request is not successful?

How secure is an ajax call against database injection?

Thanks :)

John
  • About the security thing - it will be as secure as you make the script that handles it. – Fluffeh Aug 01 '12 at 11:32
  • I see that you are using mysql_real_escape_string. On the man page (http://php.net/mysql_real_escape_string) you can see two things: 1) it is recommended to switch to PDO (or mysqli) 2) you should connect to the database `before` calling it – mishu Aug 01 '12 at 11:36
  • I'm sorry, but answering this question would require writing a tutorial about basic jquery/ajax/php usage. I doubt anyone will be willing to do it, and there are enough of those on the net. I can give you some hints though, look at: (JQ:) `$.get()`, `$.post()`; (PHP:) `json_encode()` – MiDo Aug 01 '12 at 11:36
  • also: You are using `data:{white:white}` - which means you are giving the variable the name of its value. If `$('#white').val()` for example is "black", you would get `$_POST['black']`, resulting in failing your check in PHP. use `data:{"white":white}` instead – MiDo Aug 01 '12 at 11:38

3 Answers

7

You'll need a success parameter in $.ajax() to get a response once a call is made.

    $('#submit').click(function(){

        var white = $('#white').val();
        if(white == '')
        {
            // display validation message
        }
        else
        {
            $.ajax({
                type:"POST",
                url:"page.php",
                data:{"white":white},
                // runs once the server has answered; data is whatever page.php echoed
                success:function(data){
                    $('#someID').html(data);
                }
            });
        }

    });

Whatever you echo (HTML tags or variables) in page.php will be shown in the element whose ID is someID; preferably keep the element a <div>.

In page.php, you can capture the value entered in the input element by using $_POST['white'] and use it to do whatever DB actions you want to.

asprin
0
To send out data, you can write the following line at the end:

    echo json_encode($data);exit;

To receive the response and errors when the request is not successful in ajax:

    jQuery.ajax({
        type:"POST",
        url:"page.php",
        data:{white:white},
        async: false,
        dataType: "text", // keep msg as the raw string that page.php echoed
        success : function(msg){
            // parse the JSON text; JSON.parse does not execute it as code
            var properties = JSON.parse(msg);

            for (var i=0; i < properties.length; i++) {
                alert(properties[i]);
            }
        },
        error:function (XMLHttpRequest, textStatus, errorThrown) {
            alert(textStatus);
        }
    });

Atul Rai
0
To feel safer, do the following things:
1. Open a Session.
2. Detect Referrer.
3. Use a PDO object instead of mysql_real_escape_string.
4. Detect Ajax call:

    if(empty($_SERVER['HTTP_X_REQUESTED_WITH']) ||
       strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
        // Is not an Ajax call!
    }

4EACH
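
A server-side page.php that combines the suggestions made in this thread (PDO with a bound parameter instead of mysql_real_escape_string, json_encode() for the output, HTTP status codes for failures), as an added example that is not part of any post above. The DSN, credentials, error messages and the helper names fetch_data() and respond() are assumptions; table1, parameter and data come from the question.

```php
<?php
// Added example, not code from the thread. DSN, credentials and helper names
// are assumed placeholders; table1/parameter/data are the question's names.
declare(strict_types=1);

function fetch_data(PDO $pdo, string $white): array
{
    // The value travels as a bound parameter and is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT data FROM table1 WHERE parameter = :white');
    $stmt->execute([':white' => $white]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function respond(int $status, array $body): void
{
    // Every exit path answers with JSON and a status code the client can branch on.
    http_response_code($status);
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode($body);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    respond(405, ['error' => 'POST required']);
}

// Reject a missing value or an array (white[]=...) before touching the database.
$white = $_POST['white'] ?? '';
if (!is_string($white) || $white === '') {
    respond(400, ['error' => 'missing parameter: white']);
}

try {
    $pdo = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'db_user', 'db_password', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // failures throw instead of returning false
        PDO::ATTR_EMULATE_PREPARES => false,                  // use server-side prepared statements
    ]);
    respond(200, ['data' => fetch_data($pdo, $white)]);
} catch (PDOException $e) {
    // Full detail goes to the server log; the client gets a generic message.
    error_log($e->getMessage());
    respond(500, ['error' => 'database error']);
}
```

Because failures are sent with a non-2xx status, jQuery calls the `error` callback for them and `success` only for real results. Values taken from the `data` array are database content, so insert them with `.text()` rather than `.html()` unless they are meant to be markup.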