**allprocess.php**
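<?php
/**
 * allprocess.php - minimal JSON endpoint for the `tuts_rest`.`users` table.
 *
 *   POST  form fields name, email, pwd, status  -> insert a user
 *   GET   ?uid=N                                -> return name, email, status
 *   PUT   request headers UID and STATUS        -> update a user's status
 *
 * Exactly one JSON document is written per request. The earlier version
 * echoed json_encode($json) three times, once after each handler, so a GET
 * produced "null" + the real answer + a trailing error object, which is not
 * valid JSON.
 *
 * NOTE(review): nothing in this script authenticates the caller. Any client
 * that can reach it can create users, read a user by ID and change a user's
 * status. Add authentication and authorisation before exposing it.
 */

/**
 * Return $source[$key] when it is present and a string, otherwise "".
 * Array-valued parameters (e.g. name[]=x) are treated as absent.
 */
function read_string_param($source, $key)
{
    return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : "";
}

// Origins whose pages may read this API from browser script.
// Empty by default, so no CORS header is sent and browsers keep blocking
// cross-origin reads: that is the "CORS header 'Access-Control-Allow-Origin'
// missing" message. List exact origins (scheme://host[:port]) of front ends
// you trust. Avoid "*" and "null" (pages opened from file://): this endpoint
// returns user data and performs writes.
$allowedOrigins = array();

$method = $_SERVER['REQUEST_METHOD'];
$origin = read_string_param($_SERVER, 'HTTP_ORIGIN');

if ($origin !== "" && in_array($origin, $allowedOrigins, true)) {
    // $origin matched the allowlist exactly, so echoing it back is safe.
    header('Access-Control-Allow-Origin: ' . $origin);
    header('Vary: Origin');

    if ($method == "OPTIONS") {
        // Preflight: the browser asks first whenever the request uses PUT or
        // carries non-safelisted headers (UID, STATUS, Postman-Token, ...).
        header('Access-Control-Allow-Methods: GET, POST, PUT');
        header('Access-Control-Allow-Headers: Cache-Control, Postman-Token, UID, STATUS');
        header('Content-Length: 0', true, 204);
        exit;
    }
}

header('Content-type: application/json');

// Report failures through return values so every path still ends in JSON
// instead of an uncaught exception page.
mysqli_report(MYSQLI_REPORT_OFF);

// NOTE(review): connects as root with an empty password. Use a dedicated
// account limited to the privileges this script needs on `tuts_rest`.
$conn = mysqli_connect("localhost", "root", "", 'tuts_rest');

if (!$conn) {
    $json = array("status" => 0, "msg" => "Database connection failed");
} elseif ($method == "POST") {
    // Get data
    $name = read_string_param($_POST, 'name');
    $email = read_string_param($_POST, 'email');
    $password = read_string_param($_POST, 'pwd');
    $status = read_string_param($_POST, 'status');

    // NOTE(review): the password is stored exactly as received. Hash it with
    // password_hash() and check it with password_verify(); left unchanged
    // here because the code that reads this column is not visible.

    // Insert data into data base. Values are bound as parameters, never
    // spliced into the SQL text.
    $added = false;
    $stmt = mysqli_prepare(
        $conn,
        "INSERT INTO `tuts_rest`.`users` (`ID`, `name`, `email`, `password`, `status`) VALUES (NULL, ?, ?, ?, ?)"
    );
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ssss', $name, $email, $password, $status);
        $added = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    if ($added) {
        $json = array("status" => 1, "msg" => "Done User added!");
    } else {
        $json = array("status" => 0, "msg" => "Error adding user!");
    }
} elseif ($method == "GET") {
    $uid = read_string_param($_GET, 'uid');

    if (!empty($uid)) {
        $json = array("status" => 0, "msg" => "Error fetching user!");
        $stmt = mysqli_prepare($conn, "select name, email, status from `users` where ID = ?");
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 's', $uid);
            if (mysqli_stmt_execute($stmt)) {
                // Columns are bound to dedicated variables; the earlier
                // extract($r) let a row overwrite arbitrary local variables.
                mysqli_stmt_bind_result($stmt, $rowName, $rowEmail, $rowStatus);
                $result = array();
                while (mysqli_stmt_fetch($stmt)) {
                    $result[] = array(
                        "name" => $rowName,
                        "email" => $rowEmail,
                        // Prepared statements return numeric columns as
                        // numbers; keep the string form clients received before.
                        'status' => ($rowStatus === null) ? null : (string) $rowStatus
                    );
                }
                $json = array("status" => 1, "info" => $result);
            }
            mysqli_stmt_close($stmt);
        }
    } else {
        $json = array("status" => 0, "msg" => "User ID not define");
    }
} elseif ($method == "PUT") {
    // The target user and new status arrive as request headers.
    $uid = read_string_param($_SERVER, 'HTTP_UID');
    $status = read_string_param($_SERVER, 'HTTP_STATUS');

    // Add your validations
    if (!empty($uid)) {
        $updated = false;
        $stmt = mysqli_prepare(
            $conn,
            "UPDATE  `tuts_rest`.`users` SET  `status` =  ? WHERE  `users`.`ID` = ?"
        );
        if ($stmt) {
            mysqli_stmt_bind_param($stmt, 'ss', $status, $uid);
            $updated = mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }

        if ($updated) {
            $json = array("status" => 1, "msg" => "Status updated!!.");
        } else {
            $json = array("status" => 0, "msg" => "Error updating status");
        }
    } else {
        $json = array("status" => 0, "msg" => "User ID not define");
    }
} else {
    // Previously every non-PUT request fell into the PUT handler's else
    // branch and was answered with "User ID not define".
    header('Allow: GET, POST, PUT', true, 405);
    $json = array("status" => 0, "msg" => "Request method not supported");
}

if ($conn) {
    mysqli_close($conn);
}

/* Output: one JSON document per request */
echo json_encode($json);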

Why would the following security error be raised when calling a simple PHP web service? Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost/webservice/allprocess.php?uid=6. (Reason: CORS header 'Access-Control-Allow-Origin' missing).


**Output.html**

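<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <!--
    Load the library over HTTPS: a script fetched over plain HTTP can be
    altered in transit and then runs with this page's privileges.
    Consider pinning it with an integrity attribute (hash published by the
    CDN) and moving to a maintained jQuery release; 1.11.0 is long out of
    support.
  -->
  <script src="https://code.jquery.com/jquery-1.11.0.min.js"></script>
</head>
<body>
  <h1>Counting rabbits</h1>
  <script>
    // This request is cross-origin unless the page itself is served from
    // http://localhost (same scheme, host and port). A page opened from disk
    // or from another host or port is a different origin, and the browser
    // only lets the script read the response if the server sends
    // Access-Control-Allow-Origin for that origin.
    var settings = {
      "async": true,
      "crossDomain": true,
      "url": "http://localhost/webservice/allprocess.php?uid=6",
      "method": "GET",
      // Replaces the copied "cache-control" and "postman-token" request
      // headers. Custom headers are not CORS-safelisted, so they forced a
      // preflight OPTIONS request that the service would also have to answer.
      "cache": false
    };

    $.ajax(settings)
      .done(function (response) {
        console.log(response);
      })
      .fail(function (jqXHR, textStatus, errorThrown) {
        // A blocked cross-origin read surfaces here with status 0; the reason
        // is only shown in the browser console.
        console.error("Request failed:", jqXHR.status, textStatus, errorThrown);
      });
  </script>
  <h1>...Finished counting</h1>
</body>
</html>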

This is my frontend, and it gives the error message shown above.

itsami
  • The `mysql_*` functions in PHP are deprecated and shouldn't be used. Please read [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) for information on why and what to replace them with. – Matt Raines Apr 19 '16 at 11:09
  • are you actually making a `cross-domain` request? If you are requesting something from the same domain you don't need to set `crossDomain` to true in your ajax call. – Vishnu Nair Apr 19 '16 at 11:40
