0

Before, I used php and it was fine, with:

foreach($api['available_channels'] as $channel){
$number = $channel["num"];}

Right now I want to do the loop with ajax, for channels num 1 until the end.

How can I do that?

JSON Output:

http://jsfiddle.net/gnpj5csk/27/

var yql_url = 'https://query.yahooapis.com/v1/public/yql';
var url = 'http://****/**.php?username=***&password=***';

$.ajax({
'url': yql_url,
'data': {
'q': 'SELECT * FROM json WHERE url="'+url+'"',
'format': 'json',
'jsonCompat': 'new',
},
'dataType': 'json',
'success': function(response){
alert(response.query.results.json.available_channels);
},
});
fsack
  • 3
  • 3
  • Possible duplicate of [Access / process (nested) objects, arrays or JSON](https://stackoverflow.com/questions/11922383/access-process-nested-objects-arrays-or-json) – Heretic Monkey Jun 19 '18 at 14:18
  • 3
    `'q': 'SELECT * FROM json WHERE url="'+url+'"'` seriously, **do not do this**. This is a blatantly open sql injection attack waiting to happen – Taplar Jun 19 '18 at 14:18
  • @Taplar i didnt fount other way to send the ajax. its cross origin domain so i must use yahoo proxy. – fsack Jun 19 '18 at 14:20
  • I'll retract my last statement since this looks like a endpoint designed by yahoo, and they probably have security rules about what operations that endpoint can do, but still this is some terrible api design. – Taplar Jun 19 '18 at 14:25
  • What can happen with a Sql attack? To the site itself? I want to learn a little more – fsack Jun 19 '18 at 14:32
  • Lots of terrible things, https://xkcd.com/327/ as an example. – Tim Lewis Jun 19 '18 at 14:33

1 Answers1

1

Use the each method to loop through the parsed JSON 

var response = JSON.parse(response);

$.each(response, function(key, value){
    console.log(key + ': ' + value);
});

I was right in thinking it's the response you want to loop through right?

Also, definitely take the other's advice and keep SQL queries on the back end.

Matt
  • 1,518
  • 4
  • 16
  • 30
  • Thank you, yes I'm taking the advice too. i sould change the key and value? i tried this: http://jsfiddle.net/gnpj5csk/34/ but i dont know what to edit – fsack Jun 19 '18 at 14:31
  • You'll want to send only the url variable to the server and then complete the query there using mysqli for example. On line 7, a hacker could modify this line to run any code they want on your database. If you want to really read into stuff, you could lookup parameterized queries but standard mysqli_* functions will be fine for now. Also, I'm not sure what you're doing with the Yahoo API thing but I'd recommend setting your own local PHP server up if you haven't already. – Matt Jun 19 '18 at 15:07
  • Yes, I will take care to remove it, but I first want to know how to make the loop. edited jsfiddle: http://jsfiddle.net/gnpj5csk/49/ – fsack Jun 19 '18 at 15:23
  • Ah right, heres one that loops the response and alerts it: [http://jsfiddle.net/gnpj5csk/54/](http://jsfiddle.net/gnpj5csk/54/) - can't say it'll work, I can't test it right now :) – Matt Jun 19 '18 at 15:30