0

So I am trying to do something simple. There is a form, it does a self post and I want to get that post information from JQuery and put it into a div.

    <!DOCTYPE HTML>  
    <html>
        <head>
         <link rel="stylesheet" href="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css">
          <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script>
          <script src="http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js"></script>

JQuery here to catch button click and do a "PHP_self":

        <script>
        $(document).ready(function(){
            $(".gettingpostbutton").click(function(){
                    $.post( "<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>", function( data ) {
                        $("#add_post_information_html_here").append(data+" number from $_POST");
                    });/**/
            });
        });
        </script>
        </head>
    <body>  

    <?php
    // define variables and set to empty values
    $number = "";

    if ($_SERVER["REQUEST_METHOD"] == "POST") {
      $number = test_input($_POST["number"]);
    }

For SQL Injection:

    function test_input($data) {
      $data = trim($data);
      $data = stripslashes($data);
      $data = htmlspecialchars($data);
      return $data;
    }
    ?>

Basic Form:

    <h2>PHP Form Validation Example</h2>
        <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">  
          put a number: <input type="text" number="number">
          <br><br>
            <input type="button" name="action" class="btn btn-success gettingpostbutton" value="Add Number" /> 
        </form>

Put info to page either through PHP but prefer to do it through JQuery:

    <?php
    echo "<h2>Your Input:</h2>";
    echo $number;
    ?>

    <div id="add_post_information_html_here"></div>

    </body>
    </html>
    Result:
  • 2
    "for sql injection"? That's a laugh. **NOTHING** you're doing there will have ANY effect on an sql injection attack. You **REALLY** need to go read [this](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) before you go any further. – Marc B Jul 25 '16 at 15:57
  • Good to know. That tutorial must not be very good then. –  Jul 25 '16 at 15:58
  • you'll find that (al)most all php tutorials on the web are pure crap, outdated, flat-out wrong, highly dangerous, and usually all-of-the-above. – Marc B Jul 25 '16 at 15:59
  • How do you catch POST information in JQuery? I am missing something here. I will correct the SQL injection and will read that tutorial link you have –  Jul 25 '16 at 16:01
  • what do you mean, "catch"? you post to a webserver. you can't post to client-side code. – Marc B Jul 25 '16 at 16:02
  • So I would have to do it strictly through PHP... good to know –  Jul 25 '16 at 16:04
  • 1
    it _does_ protect against _XSS_, but not _sqli_ – dandavis Jul 25 '16 at 16:39

0 Answers0