-2

I trying to do a validation by ajax and php, this is my ajax code:

function PrintRecibopapel()
{
    recibo = document.getElementById("txtCod").value;

    if(recibo == "")
        {
            alert("Debe Guardar el recibo antes de imprimir");
        }
    else
    {               
        //ImprimirPDF("modulos/reporte/ingresos/RPrintReciboPapel.php?cods="+recibo);

        $.ajax({
            method: 'GET',
            url: 'modulos/ingresos/actualizarIngreso.php',
            data: {recibo: recibo}
        })
    } 

    }

The function PrintRecibopapel(); is in my form on an input with onclick

So, this is my php (other file):

<?php

include("../../libreria/engine.php");

$_SESSION["logError"] = array();

$recibo = $_GET["recibo"];

$sql = "UPDATE af_ing SET copia = 1 WHERE cod = '$recibo'";
$rs = mysql_query($sql);

?>

<script languaje= 'javascript'>
mostrarErrores();
actualizarPestana();
</script>

The error that the Google Chrome console is givin to me is this: VM2941:1 GET http://localhost/municipia1/modulos/ingresos/actualizarIngreso.php?recibo=2017-00090 404 (Not Found)

As you can see (at least me) is that the url is good and is passing the variable recibo fine, Do I am doing something wrong?

I. Valera
  • 3
  • 3
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Mar 12 '18 at 16:13
  • Are both of these in `municipal`? – Jay Blanchard Mar 12 '18 at 16:14
  • 2
    "As you can see (at least me) is that the url is good" — We can only see that the server says "Not Found". All the evidence we have says the URL is not good. – Quentin Mar 12 '18 at 16:15
  • 1
    **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) that has been [removed](http://php.net/manual/en/mysql.php) from PHP. You should select a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Mar 12 '18 at 16:16
  • Just put the URL in a browser and press enter. It's not that hard. –  Mar 12 '18 at 16:17
  • @JayBlanchard sure, both are in the same folder. Thank you! This mysql is obsolete i will fix it. – I. Valera Mar 12 '18 at 16:18
  • What is the URL you are running this script from? – Jay Blanchard Mar 12 '18 at 16:22
  • @JayBlanchard http://localhost/municipia1/modulos/ingresos/cobro.php – I. Valera Mar 12 '18 at 16:25
  • If that is the address you're running it from change the url in the AJAX to `url: 'actualizarIngreso.php',` because the AJAX call is looking for those directories *below* your starting point. – Jay Blanchard Mar 12 '18 at 16:27
  • You need to get in the habit of [accepting answers](http://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work) which help you to solve your issues. You'll earn points and others will be encouraged to help you. – Jay Blanchard Mar 12 '18 at 16:30
  • 1
    @JayBlanchard Yes, i will. Thank you. I am a new at programming and here, so sorry for the english grammar (not my native language) and all the newbie question. Thank you again. – I. Valera Mar 12 '18 at 16:37

1 Answers1

0

AJAX paths to server-side scripts can either be relative or absolute. In this case you are making the AJAX call from the same directory location in which the server-side script lives. Since you are running both scripts from the same directory it would be easier to use a relative path and change the URL in your AJAX call to this:

url: 'actualizarIngreso.php',

As it stands now the AJAX call is looking for the following which is wrong and generates the 404 error:

municipia1/modulos/ingresos/municipia1/modulos/ingresos/actualizarIngreso.php

Many times developers will develop a central library of server-side scripts and put them in one location where they can receive calls from many locations. In that case you can use absolute path in your AJAX url parameter:

url: 'http://hostname/municipia1/modulos/ingresos/actualizarIngreso.php',
Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119