Angular http request with custom data

Question

I am trying to do a http request to a php file on my server. My code i am using at the moment is as follows:

App.controller('GetSales', ['$scope', '$http', function ($scope, $http) {

        $http({
            method: 'POST',
            url: '/app/controller/apis/_sales.php?period_start=2015-07-01&period_end=2015-07-31&join=leads&status=0&category=0user=1'
        })
        .success(function (data) {
            $scope.sales = data;
        });
}]);

Isnt there a better way to do this? When i add these var as data it doesnt get posted to my page?

data: {
            period_start: '2015-07-01',
            period_end: '2015-07-31',
            join: 'leads',
            status: '',
            category: '',
            user: '1'
        };

In php i get the data like this, its also sanitized for security reason:

$user = filter_var($_REQUEST['user'], FILTER_SANITIZE_NUMBER_INT);
$period_start = $_REQUEST['period_start'].' 00:00:00';

My answer has been updated this is using the incorrect API for accessing AngularJS. See my demo and link to the Angular Docs for $http. This is using the jQuery style but with Angular, wont work. — AlphaG33k, Jul 12 '15 at 17:20
Your problem is not client side at this point, I am extending my answer below — AlphaG33k, Jul 12 '15 at 19:52
Well am sitting on this already like "forever" and i cant figure out what am missing? — jhon dano, Jul 12 '15 at 19:57
I just added your fix, its the type of input your expecting. Use `json_decode( file_get_contents('php://input') );` instead of $_POST for Angular data code example has been edited — AlphaG33k, Jul 12 '15 at 20:09

BAD_SEED · Answer 1 · 2015-07-12T17:12:55.203

0

At first sight you are tryng to call an HTTP POST service, but you send parameter like it was a GET service, try something like that:

App.controller('GetSales', ['$scope', '$http', function ($scope, $http) {
    $http.post('/app/controller/apis/_sales.php',
        {
            period_start: '2015-07-01',
            period_end: '2015-07-31',
            join: 'leads',
            status: '',
            category: '',
            user: '1'
        })
        .success(function (data) {
            $scope.sales = data;
        })
        .error(function (data, status) {
            console.log(status);
        });

edited Jul 12 '15 at 17:12

answered Jul 12 '15 at 16:54

BAD_SEED

4,840
11
53
110

i tried this already but it doesnt work! Also you have some error in your code! – jhon dano Jul 12 '15 at 17:04
yes I forgot the semicolon, but the problem I think is in the PHP server side. Put an error clause to the $http service calll and catch the error – BAD_SEED Jul 12 '15 at 17:10
funny its not trowing any error but return "null"...? – jhon dano Jul 12 '15 at 17:17
not working... i dont understand because with the regular get request i get my required data? – jhon dano Jul 12 '15 at 17:31
I don't know, does your REST server permit the post for that action? Try to make a simple POST request with a basic HTTPRequester. I thjink your action does not permit post! – BAD_SEED Jul 12 '15 at 17:36

score 0 · Answer 2 · edited May 23 '17 at 12:06

I would use json_decode( file_get_contents('php://input') ) on your serverside. Also, please don't forget to sanitize your user sent data!

var dataParams = {
            period_start: '2015-07-01',
            period_end: '2015-07-31',
            join: 'leads',
            status: '',
            category: '',
            user: '1'
};
App.controller('GetSales', ['$scope', '$http', function ($scope, $http) {
        $http.post('/app/controller/apis/_sales.php', dataParams)
        .success(function (data) {
            $scope.sales = data;
        });
}]);

You will want to watch ever using the variable data as it will most likely collide with another variable, such as in your demonstration where you have named your post params as data while the return response is also aliased as data in the $.post success. This may not cause an issue in this case - but it usually will, so I renamed it for you out of habit.

Your server side could look something like this depending on what your usernames strings consist of:

public static function sanatize_client_string($dirtyString){
                    $cleanString = htmlspecialchars(strtolower(preg_replace("/[^a-z]+/i", "[FORBIDDEN_CHAR]", $dirtyString)));
                    return $cleanString;
                }

$client_data = sanatize_client_string(json_decode( file_get_contents('php://input')));

Now you can access the username like:

echo $client_data['user']; // Will echo 1 based on the post data you are sending

This is what a simple serverside data-router could look like, as using normal $_POST has never worked for Angular data for me either:

    /**
    * Collect all Angular HTTP Request data
    */
    $client_data = json_decode( file_get_contents('php://input') );

    $app_state = utils::sanatizeClientString($client_data->appState); // <- name of prop must match client angularPostObj.x = serverModel.x

    /**
    * Cache the view path to the model
    */   
    $module_exists_in_model = isset($app['view_data']['views'][$app_state]);

    /**
     * If the angular post request matches data in the model, return the requested dataset, while if no object is found 
     * under that address, the error object will be returned which will send and error data to the view. 
     * 
     * This error condition will never happen aside from an attack because the clientside AngularJS router would prevent any 
     * unregistered paths from being even sent to the server. This would happen using a post mocking service or by 
     * forcing the string change in the code inspector while using the site.
     */
    $module_exists_in_model ?
        $view_model = $app['view_data']['views'][$app_state] : 
        $view_model = $app['view_data']['views']['error'];

    // Call the view from Angular post data, passing it to a Class that sends a response as valid JSON

    Render_app::echo_json($view_model);

I was informed of this by: http://www.cleverweb.nl/javascript/a-simple-search-with-angularjs-and-php/ and How to post a data in Angular?.

The point is... use $client_data = json_decode( file_get_contents('php://input') ); instead of $client_data = $_POST['username'];

i tried this already but it doesnt work! Also you have some error in your code! — jhon dano, Jul 12 '15 at 17:04
Sorry your jquery like syntax through me off, your right it was the improper way to call angular $http.post. Refer to this doc when using $http for angular https://docs.angularjs.org/api/ng/service/$http — AlphaG33k, Jul 12 '15 at 17:08
Basically your demo has 2 issues, one is that you tried sending use $post as a query string which is 'get style' as @marianoc84 stated, and your code is using a jQuery style api to access angular $http service - which I fell for as well. Easy to mixup, hope that code works for ya! — AlphaG33k, Jul 12 '15 at 17:10
Now the added 3rd issue of the server intercepting the client sent post data is fixed. Its not normal post data, its Angular post data and it comes through in an object. Try `echo $client_data` and you should see an object containing your props and values you sent from the client side — AlphaG33k, Jul 12 '15 at 20:23

Angular http request with custom data

2 Answers2